Google engineers unexpectedly released Chrome 78.0.3904.87 for Windows, Mac, and Linux, which fixed a zero-day vulnerability that was already under attack. The problem has received the identifier CVE-2019-13720 and represents a use-aster-free bug in the audio component of the browser.

The vulnerability was discovered by Kaspersky Lab experts who have already published a detailed analysis of the problem. Experts write that the bug is used to install malware on victims’ computers.

Researchers could not associate vulnerability attacks with a specific hacker group, but they named them WizardOpium. According to them, the code has certain similarities with the attacks of the Lazarus grouping, however, this may well be a distracting maneuver.

It is noted that the exploitation of the vulnerability was associated with a watering hole (“watering hole”) an attack on a Korean-language news portal, on the main page of which malicious JavaScript was introduced. Such attacks are called by analogy with the tactics of predators who hunt at a watering hole, waiting for prey – animals that came to get drunk. And this behavior is more likely similar to the past operations of DarkHotel.

LinkedIn : Rapidsafeguard
Twitter : Rapidsafeguard
Instagram: Rapidsafeguard
Facebook : Theeasyhack
YouTube : Rapidsafeguard

LEAVE A REPLY

Please enter your comment!
Please enter your name here