Google engineers unexpectedly released Chrome 78.0.3904.87 for Windows, Mac, and Linux, which fixed a zero-day vulnerability that was already under attack. The problem has received the identifier CVE-2019-13720 and represents a use-aster-free bug in the audio component of the browser.
The vulnerability was discovered by Kaspersky Lab experts who have already published a detailed analysis of the problem. Experts write that the bug is used to install malware on victims’ computers.
Researchers could not associate vulnerability attacks with a specific hacker group, but they named them WizardOpium. According to them, the code has certain similarities with the attacks of the Lazarus grouping, however, this may well be a distracting maneuver.