CVE-2019-13720: new Chrome 0-day bug exploited in the wild

Yesterday, Google engineers released an urgent update for the Chrome browser to patch an actively exploited zero-day.

The release of Chrome 78.0.3904.87 fixes two high-severity vulnerabilities: one affects Chrome’s audio component (CVE-2019-13720), while the other resides in the PDFium library (CVE-2019-13721). Both could enable remote attackers to gain privileges just by convincing targeted users to visit a malicious website, allowing them to escape sandbox protections and run arbitrary malicious code.

Kaspersky researchers Anton Ivanov and Alexey Kulaev discovered that the audio component issue is already being exploited in a campaign dubbed Operation WizardOpium. Some “very weak code similarities” suggest a possible connection to the Lazarus Group, a threat actor linked to North Korea.

so…

UPDATE!
