Hello Mi Fans!!!
This is an emergency notice for all Chrome users!!!
Google released an emergency update for Chrome that patches two new use-after-free vulnerabilities, including a zero-day bug that is being actively exploited in the wild.
A new stable channel update, Chrome 78.0.3904.87, has been released for Windows, Mac, and Linux.
Researchers from Kaspersky discovered an unknown zero-day exploit for the Chrome browser and called it Operation WizardOpium. It is not known exactly who is behind this attack, but code similarities indicate that it might be linked with the Lazarus group, an unknown team of hackers who use zero-days, spearphishing, malware, and backdoors to attack various financial organizations around the world.
The use-after-free vulnerability tracked as CVE-2019-13720 affects the audio component of the web browser; the bug was reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs. Another use-after-free vulnerability, tracked as CVE-2019-13721, was reported by bug hunter bananapenguin. Google rewarded a bounty of $7,500. A use-after-free vulnerability is a type of memory corruption flaw that can enable an attacker to corrupt memory, escalate privileges, and take complete control of the vulnerable system by executing arbitrary code remotely.
Exploiting the Chrome Zero-day
hxxp://code.jquery.cdn.behindcorona[.]com and drops another script, .charlie.XXXXXXXX.js, that checks the victim's browser user agent to ensure that the system is vulnerable to infection; it also tries to extract the browser name and version.
The downloaded browser exploit is completely obfuscated. Researchers later de-obfuscated it and learned that it checks the user agent string a second time, this time confirming that the browser version is 76 or 77. Researchers believe that "It could mean that the exploit authors have only worked on these versions (a previous exploitation stage checked for version number 65 or newer) or that other exploits have been used in the past for older Chrome versions."
According to Kaspersky research, "The exploit used a race condition bug between two threads due to missing proper synchronization between them. It gives an attacker a Use-After-Free (UaF) condition that is very dangerous because it can lead to code execution scenarios, which is exactly what happens in our case."
Trigger the Use After Free Vulnerability
Once the exploit finds a vulnerable victim, it immediately tries to trigger the UAF to perform an information leak of important 64-bit addresses.
It causes the following result to the attackers:
Along with this, it performs various operations, such as allocating and freeing memory and a number of others, that give the attackers arbitrary read/write and let them take complete control of the system. The patch is already available for all platforms: Windows, Mac, and Linux. We recommend that all Chrome users update their browsers immediately and apply the patch to prevent this attack.
Be careful, guys!!!
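For administrators acting on the update advice above, here is an added example (not part of the original post or of Kaspersky's research) that triages web proxy logs for clients still running a Chrome build older than 78.0.3904.87 and for requests to the domain named in the post. The log layout, the sample lines and the function names are assumptions made for this illustration.

```python
import re

# First fixed stable build, as stated in the post.
PATCHED = (78, 0, 3904, 87)
# Domain from the post; kept defanged in source, re-fanged only for matching.
IOC_HOST = "code.jquery.cdn.behindcorona[.]com".replace("[.]", ".")

CHROME_RE = re.compile(r"\bChrome/(\d+)\.(\d+)\.(\d+)\.(\d+)\b")
# Assumed log layout: client_ip "METHOD url" "user-agent"
LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) https?://([^/"\s:]+)[^"]*" "([^"]*)"$')


def chrome_version(user_agent):
    """Return the Chrome build as a 4-tuple of ints, or None if absent."""
    m = CHROME_RE.search(user_agent)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(lines):
    """Map client -> sorted findings ('unpatched', 'ioc-contact')."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        client, host, ua = m.groups()
        ver = chrome_version(ua)
        # Compare the full build, not just the major version:
        # 78.0.3904.70 is Chrome 78 but still predates the fix.
        if ver is not None and ver < PATCHED:
            findings.setdefault(client, set()).add("unpatched")
        if host.lower() == IOC_HOST:
            findings.setdefault(client, set()).add("ioc-contact")
    return {c: sorted(f) for c, f in findings.items()}


# Constructed sample lines (not real traffic).
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/{} Safari/537.36")
FIREFOX_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0"
ROW = '{} "GET http://{}/constructed.js" "{}"'
SAMPLE = [
    ROW.format("10.0.0.5", "example.org", CHROME_UA.format("77.0.3865.120")),
    ROW.format("10.0.0.6", "example.org", CHROME_UA.format("78.0.3904.87")),
    ROW.format("10.0.0.7", IOC_HOST, CHROME_UA.format("78.0.3904.70")),
    ROW.format("10.0.0.8", "example.org", FIREFOX_UA),
]

if __name__ == "__main__":
    for client, found in triage(SAMPLE).items():
        print(client, ", ".join(found))
```

The User-Agent header is self-reported by the client, so treat the result as a triage list and confirm versions against endpoint inventory.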