[News] [ Emergency Alert!! ⚠️ ] Hackers Actively Exploiting Chrome Zero-day Bug in the Wild – Update Now

2019-11-02 06:10:24

Hello Mi Fans!!!

This is an emergency notice for all Chrome users!!!

Google released an emergency update for Chrome that patches two new use-after-free vulnerabilities, including a zero-day bug that is being actively exploited in the wild.

A new stable channel update, Chrome 78.0.3904.87, has been released for Windows, Mac, and Linux.

Researchers from Kaspersky discovered an unknown zero-day exploit for the Chrome browser and called the campaign Operation WizardOpium. It is not known exactly who the actors behind this attack are, but code similarities indicate that the attack might be linked with the Lazarus group, an unknown team of hackers who use zero-days, spearphishing, malware, and backdoors to attack various financial organizations around the world.

The use-after-free vulnerability tracked as CVE-2019-13720 affects the audio component of the web browser, and the bug was reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs. Another use-after-free vulnerability, tracked as CVE-2019-13721, was reported by bug hunter bananapenguin. Google rewarded a bounty of $7,500. A use-after-free vulnerability is a type of memory corruption flaw that can enable an attacker to corrupt memory in order to escalate privileges and take complete control of the vulnerable system by executing arbitrary code remotely.

Exploiting the Chrome Zero-day

Researchers initially uncovered malicious activity that leveraged a waterhole-type injection on a Korean site, where the attacker inserted weaponized JavaScript code on the main page.

The JavaScript code loads another remote script from the website hxxp://code.jquery.cdn.behindcorona[.]com and drops another script, .charlie.XXXXXXXX.js, that checks the user agent of the victim's browser to ensure that the system is vulnerable to infection; it also tries to extract the browser name and version.

“If the script finds that the system's browser is vulnerable, then it tries to exploit the bug in the Google Chrome browser, and the script checks if the version is greater than or equal to 65.” Later, the malicious JavaScript establishes a connection to the remote server and downloads the exploit code in a number of chunks. Once they are all downloaded, the RC4 script decrypts the chunks, which gives the attacker new JavaScript code containing the full browser exploit.


The downloaded browser exploit is completely obfuscated. Researchers later de-obfuscated it and learned that it makes another check against the user agent string, this second time checking that the browser version is 76 or 77. Researchers believe that “It could mean that the exploit authors have only worked on these versions (a previous exploitation stage checked for version number 65 or newer) or that other exploits have been used in the past for older Chrome versions.”

According to Kaspersky research: “The exploit used a race condition bug between two threads due to missing proper synchronization between them. It gives an attacker a Use-After-Free (UaF) condition that is very dangerous because it can lead to code execution scenarios, which is exactly what happens in our case.”

Trigger the Use After Free Vulnerability

Once the exploit finds a vulnerable victim, it immediately tries to trigger the UaF to perform an information leak of important 64-bit addresses.

This gives the attackers the following:

  1) if an address is leaked successfully, it means the exploit is working correctly;
  2) a leaked address is used to know where the heap/stack is located, and that defeats the address space layout randomization (ASLR) technique;
  3) a few other useful pointers for further exploitation could be located by searching near this address.

Along with this operation, it tries to perform various operations, such as allocating and freeing memory, and many others that give the attackers the ability to read/write arbitrary code and take complete control of the system. The patch is already available for all platforms: Windows, Mac, and Linux. We recommend that all Chrome users immediately update their browsers and apply the patch to prevent this attack.

Source
Be careful Guys!!!
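
For defenders, the indicators in the post above (the staging host, the fixed build 78.0.3904.87, and the 76/77 version check) can be turned into a simple proxy-log triage. This is an added example, not part of the original post or of Kaspersky's report; the tab-separated log format, the severity labels and the sample records are assumptions constructed for illustration.

```python
import re

PATCHED = (78, 0, 3904, 87)       # fixed stable build named in the post
TARGETED_MAJORS = {76, 77}        # majors the final exploit stage checked for
# Host as written (defanged) in the post; re-fanged only for matching.
IOC_HOST = "code.jquery.cdn.behindcorona[.]com".replace("[.]", ".")
CHROME_RE = re.compile(r"\bChrome/(\d+)\.(\d+)\.(\d+)\.(\d+)")

def chrome_version(user_agent):
    """Return the Chrome version as a tuple of four ints, or None."""
    m = CHROME_RE.search(user_agent)
    return tuple(map(int, m.groups())) if m else None

def triage(log_lines):
    """Lines are 'client<TAB>host<TAB>user-agent' (assumed format).
    Returns (severity, client, reason) tuples. The user agent is supplied
    by the client, so version findings are an inventory hint, not proof."""
    findings = []
    for line in log_lines:
        client, host, ua = line.rstrip("\n").split("\t", 2)
        ver = chrome_version(ua)
        unpatched = ver is not None and ver < PATCHED
        hit = host.lower().rstrip(".") == IOC_HOST
        if hit and unpatched:
            sev = "critical" if ver[0] in TARGETED_MAJORS else "high"
            findings.append((sev, client, "IoC host contacted by unpatched Chrome"))
        elif hit:
            findings.append(("medium", client, "IoC host contacted"))
        elif unpatched:
            findings.append(("low", client, "Chrome older than 78.0.3904.87"))
    return findings

UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) {} Safari/537.36")
# Constructed sample proxy records (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    "192.0.2.10\twww.example.com\t" + UA.format("Chrome/78.0.3904.87"),
    "192.0.2.11\twww.example.com\t" + UA.format("Chrome/78.0.3904.70"),
    "192.0.2.12\t" + IOC_HOST + "\t" + UA.format("Chrome/77.0.3865.120"),
    "192.0.2.13\t" + IOC_HOST.upper() + "\t" + UA.format("Chrome/78.0.3904.87"),
    "192.0.2.14\twww.example.com\tMozilla/5.0 (X11; Linux x86_64; rv:70.0) "
    "Gecko/20100101 Firefox/70.0",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A "medium" hit from a patched browser still deserves a look, since the host served the first-stage script regardless of whether the later exploit stages ran.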

Master Bunny

Peter666 | from Redmi 5A

#1

OK!
2019-11-02 07:36:21
NÉMESIS

Resource Team

MGJ_1997 | from Redmi 3S

#2

Thanks for sharing...
2019-11-02 08:12:37

Master Bunny

Andrea3777 | from Mi MIX 2S

#3

Really appreciate.
Thanks.
2019-11-02 08:27:30

Advanced Bunny

Anrehon | from app

#4

Ty for info
2019-11-02 09:21:52

Master Bunny

myrichgoh | from MI 8

#5

Thanks for sharing...
2019-11-02 09:44:19

Wizard Bunny

Ian Adoe | from Redmi Note 5A Prime

#6

Ok, thanks for the alert...

2019-11-02 09:49:39

Master Bunny

Ghedeon | from Redmi 6 Pro

#7

Thanks for warning!
2019-11-02 10:48:19
Thanks for sharing.
2019-11-02 11:21:25

Pro Bunny

DragonHelpers | from MI 9

#9

great information, thank you for sharing
2019-11-02 12:14:29

Semi Pro Bunny

nygyorgy | from Redmi Note 8 Pro

#10

Thank you
2019-11-02 12:19:03

ᎮᏒᎥᏁፈᏋ

News Reporter
