Zero-Day Bug in Chromium Leads to RCE Attacks in Chrome & Edge Browsers

Google, the tech giant, discovered a significant bug in one of its products on a dank Halloween night. On October 31st, the team was informed by the Kaspersky security team about a zero-day bug being exploited in its Chrome browser.

The bug, tracked as CVE-2019-13720, is a use-after-free in audio. It was reported by Anton Ivanov and Alexey Kulaev of Kaspersky Labs on 2019-10-29.

Though the players behind this exploitation are still unknown, the code formations point to a North Korean cybercrime team called Lazarus Group. They are actively involved in malware disinformation, droppers, zero-days, spearphishing, etc. The team, tracing the attacks back, found that they are named Operation WizardOpium.

Google's Chrome is Infected With Critical Zero-Day Vulnerability. Update Immediately

Another vulnerability, CVE-2019-13721, a use-after-free in PDFium, was reported by a researcher called banananapenguin on 2019-10-12. Both are said to be fixed in Chrome’s latest update, version 78.0.3904.87. Google noted that the bug details and links may be kept restricted until a majority of users are updated with a fix.

What’s a Zero Day on Chrome Browser?

In computer jargon, a zero-day is the day when a software vulnerability is found in the network and has not yet been addressed by those who should be concerned with it. Here, the Chrome developers are the ones who should be concerned about such bugs, and they weren’t aware of this one until Halloween night. Starting from day zero, it should be fixed as soon as possible to limit how much of the product the attacker can affect.

Finally, the Google team thanked all security researchers that worked with them during the development cycle to prevent security bugs from ever reaching the stable channel.

Source: Chrome Releases
