Chrome Hit With Wizard's Wand - Update Browsers Now
By: Jim Stickley and Tina Davis
November 4, 2019
Some of us rarely closer our Chrome browsers. However, in the case of updates, all browsers need to be closed and re-opened so the new versions can take effect. In the past week, Google has advised all users to be sure to update their Chrome to version 78.0.3904.87 to prevent someone from taking advantage of a zero-day vulnerability found by researchers at Kaspersky.
The issue is a use-after-free memory corruption vulnerability that may allow modification of the memory data, potentially giving an attacker escalated privileges. Technical details can be found by looking up CVE-2019-13720. There is another one of note that is also addressed by the recent patch from Google. That is CVE-2019-13721.
In order to update your browser, click on Chrome -> About Google Chrome at the upper left of your screen. It will give you the information on the version you have and check for updates. Once it is updated, close and re-open the browser.
Always keep browsers and software updated. While zero-day issues cannot necessarily be stopped, by keeping all the products up to date, you are mitigating the risk of one hitting you. Once you know an update is available, apply it right away.
The attack associated with this is being called “Operation WizardOpium.” There is no definitive link to a hacking group, but researchers are seeing similarities of attacks perpetrated by Lazarus.