https://appuals.com/google-chrome-emergency-update-issued-to-counter-high-severity-zero-0-day-exploit-actively-used-in-wild-operation-wizardopium-kaspersky/

Developers of the Google Chrome web browser issued an emergency update on Halloween. The update is meant for all stable versions of the popular web browser across all platforms, which is a clear indicator of the severity of the update. Apparently, the security update is meant to counter not one but two security vulnerabilities. What’s more concerning is that one of the security flaws has a zero-day exploit out in the wild already.

Kaspersky Exploit Prevention, an active threat detection component of Kaspersky products, caught a new, previously unknown exploit for Google’s Chrome browser. The team reported their findings to the Google Chrome security team and included a Proof of Concept (PoC) as well. After a quick review, Google was clearly convinced that there was indeed an active 0-Day vulnerability in the Google Chrome web browser. After quickly escalating the issue to the highest priority, Google issued an emergency update to the web browser. The security vulnerability has been tagged as ‘High Severity 0-Day Exploit’ and affects all variants of the Chrome browser across all operating systems.

Kaspersky Detects ‘Exploit.Win32.Generic’ 0-Day Vulnerability Which Affects All Google Chrome Browser Versions:

Google confirmed on Halloween that the “stable channel” desktop Chrome browser is being updated to version 78.0.3904.87 across the Windows, Mac, and Linux platforms. Unlike updates that roll out gradually, the latest update should have a rather accelerated deployment. Hence it is critical that Chrome browser users install the latest update without any delay. In a rather cryptic message, Google issued an advisory that said,

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.”

https://twitter.com/TheHackersNews/status/1190201400279453697

While Google is being rather incoherent about the security vulnerabilities within Chrome, Kaspersky has unofficially named the attack ‘Operation WizardOpium’. Technically, the attack is an Exploit.Win32.Generic. The maker of antivirus, firewall, and other network security products is still exploring the potential of the attack and the identities of the cybercriminals who may have launched it. The team claims some of the code bears some resemblance to the Lazarus attacks, but nothing has been ascertained.

According to Kaspersky, the attack appears to mine as much data as possible by loading a malicious profiling script. Apparently, the 0-Day vulnerability was used to inject the malicious JavaScript code. The attack is rather sophisticated, as it performs a number of checks to ensure the system can be infected or that it is vulnerable. Only after these qualification checks does the attack proceed to obtain and deploy the true payload.

Source: https://appuals.com/google-chrome-emergency-update-issued-to-counter-high-severity-zero-0-day-exploit-actively-used-in-wild-operation-wizardopium-kaspersky/