Kaspersky recently discovered a Google Chrome zero day exploit that was being used in Operation WizardOpium.
Here are the full details, but the TLDR message is – make sure you update Google Chrome ASAP!
The WizardOpium Exploit : What Is It?
Kaspersky’s automated Exploit Prevention subsystem detected the exploit, which they dubbed WizardOpium. It used a zero day vulnerability that had hitherto not been known to developers.
The WizardOpium Exploit : How Does It Work?
The attacks, which Kaspersky called Operation WizardOpium, began with an infiltration at a Korean news website, where attackers managed to inject malicious code.
The injected code loads a script from a third-party site that first checks if the system is suitable for infection – the attackers were interested only in Chrome for Windows, not older than version 65.
If the operating system and browser requirements are met, the script downloads the WizardOpium exploit piece by piece, reassembles and decrypts it.
The script then runs another check on the version of Google Chrome, working exclusively with Chrome 76 or 77.
After verifying that it has the right Chrome version, the script then leverages the use-after-free vulnerability CVE-2019-13720, based on the improper use of system memory.
By manipulating the system memory, the exploit gains permission to read and write data, which it immediately uses to download, decrypt and run the malware package.
The WizardOpium Exploit : Solution
Kaspersky cybersecurity products will detect the exploit, and identify it as Exploit.Win32.Generic.
On discovering it, they reported it to Google with the identifier CVE-2019-13720.
Google fixed the bug in Chrome 78.0.3904.87 for Windows, macOS and Linux. Just make sure you update to that version, or newer… ASAP!
To make sure you have the update, follow these steps :
- Click on the 3 vertical dots at the upper right corner of Chrome (Customise and control Google Chrome)
- Select Help > About Google Chrome.
- In the About Chrome page, it should say that you have Version 78.0.3904.87 or higher.
- If not, Chrome will automatically start looking for, and installing, the latest update.
- Click Relaunch to restart Chrome.
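For administrators who need to run the same check across many machines, here is an added example (not from Kaspersky or Google) that compares reported Chrome version strings against the fixed build 78.0.3904.87 and flags the 76 and 77 releases the exploit script worked with. The host names and inventory entries are constructed sample data, and the status labels are this example's own.

```python
import re

# Fixed build named in the article; 76 and 77 are the major versions the
# article says the exploit script worked with.
FIXED = (78, 0, 3904, 87)
TARGETED_MAJORS = {76, 77}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Classify one reported version string against the fixed build."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # cannot confirm the fix, so keep it on the list
    if version >= FIXED:  # tuples compare numerically, field by field
        return "patched"
    if version[0] in TARGETED_MAJORS:
        return "unpatched-targeted"
    return "unpatched"


def triage(inventory):
    """Return host -> status for every host not confirmed as patched."""
    statuses = {host: classify(raw) for host, raw in inventory.items()}
    return {h: s for h, s in statuses.items() if s != "patched"}


# Constructed sample inventory (hypothetical hosts and reports).
SAMPLE = {
    "ws-01": "Google Chrome 78.0.3904.87",
    "ws-02": "Google Chrome 77.0.3865.120",
    "ws-03": "78.0.3904.9",  # lower than .87 numerically, higher as plain text
    "ws-04": "Google Chrome 79.0.3945.79",
    "ws-05": "not installed",
    "ws-06": "Google Chrome 75.0.3770.142",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Comparing the versions as plain strings would wrongly treat 78.0.3904.9 as newer than 78.0.3904.87, which is why the code compares integer tuples.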