What is a Vulnerability?

 

A weakness, flaw or entry point in an application or network that helps an attacker get into a system.

 

What is a zero-day?

 

An attack or vulnerability for which no patch exists yet. The term also refers to the time taken to patch or fix it.

 

About the Google Chrome zero-day vulnerability in versions below 78.0.3904.87

 

Bad news for Chrome users from a security perspective: there's a zero-day bug in the Chrome browser.
Hackers are actively exploiting it to hijack computers. The two issues being targeted are
use-after-free vulnerabilities affecting the following parts of Chrome:

 

1. Chrome Audio Component
2. Chrome PDFium library

 

The latest attack exploits a class of memory corruption issue that allows corruption or modification of
data in memory, enabling an unprivileged user to escalate privileges on an affected system or software.
An attacker can carry out the attack remotely just by convincing a targeted user to visit a malicious
website, allowing them to escape the sandbox protection and run malicious code on the user's system.
Basically, using Chrome in such a vulnerable state gives an attacker the opportunity to take over your
machine. One of these vulnerabilities (CVE-2019-13720) was detected in exploits, with a CVSS score of 7.5 (High). Vector:

 

CVE-2019-13720
CVSS – 7.5 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

 

Anton Ivanov and Alexey Kulaev, two researchers at Kaspersky, were credited for reporting the zero-day
exploit on October 29. The second vulnerability was uncovered by bug hunter banana penguin, who
received a $7,500 bounty.

 

The Open Web Application Security Project (OWASP) lists the following causes for a UAF glitch, which are also valid for other memory-related issues like double-free errors and leaks:

 

1. Error conditions and other exceptional circumstances
2. Confusion over which part of the program is responsible for freeing the memory

 

How to protect yourself?

 

Google is aware of the issues and has released a patch for the vulnerabilities. "The stable channel has been
updated to 78.0.3904.87 for Windows, Mac, and Linux, which will roll out over the coming days/weeks,"
Google wrote in its blog post.

 

Users will now see an update arrow appear in the top-right corner of the browser. Press that
button as soon as it arrives. The update can also be done manually by selecting Settings > About Chrome.
Relaunch the browser once the update is completed. From then on you should be safe from these
vulnerabilities.
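
For anyone checking more than one machine, the sketch below compares collected Chrome version strings against the fixed build 78.0.3904.87 named above. It is an added example, not code from Google or from the original post. It assumes the strings look like the output of `google-chrome --version`, and the host names and inventory values are constructed sample data.

```python
import re

# Fixed build named in the advisory above.
FIXED_BUILD = (78, 0, 3904, 87)

# Chrome versions are four dot-separated integers (MAJOR.MINOR.BUILD.PATCH).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_vulnerable(text):
    """True if below the fixed build, False if at or above it, None if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuples compare numerically field by field. Comparing the raw strings
    # would wrongly rank "78.0.3904.108" below "78.0.3904.87".
    return version < FIXED_BUILD


def audit(inventory):
    """Map each host to 'UPDATE', 'OK' or 'UNKNOWN' (version could not be read)."""
    labels = {True: "UPDATE", False: "OK", None: "UNKNOWN"}
    return {host: labels[is_vulnerable(raw)] for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and collected version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 78.0.3904.70 ",
    "ws-02": "Google Chrome 78.0.3904.87",
    "ws-03": "Google Chrome 78.0.3904.108",
    "ws-04": "Google Chrome 77.0.3865.120",
    "ws-05": "Chromium 79.0.3945.16 beta",
    "ws-06": "command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN should be checked by hand rather than assumed patched.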

Author 

Davinder Singh
IT Security Consultant
Triad square Infosec Pvt ltd

 
