Vulnerabilities are not unusual in Chrome, but Google at least tries to address them quickly. The good news is that a patched version is available; the downside is that if you want it now, you have to install it manually. Whether you are using Windows, macOS, or Linux, you need to update your browser immediately to the latest version Google released earlier today.
One of these vulnerabilities is a zero-day, and it is being actively exploited in the wild. Google is urging users to install the software update at the earliest opportunity to patch the two high-severity vulnerabilities.
The bug class is known as 'use-after-free': memory that is still referenced after it has been freed can be used for malicious purposes. This vulnerability is a class of memory corruption issue that allows corruption or modification of data in memory, enabling an unprivileged user to escalate privileges on an affected system or software.
The first vulnerability relates to PDF files: a use-after-free error in Chrome's PDFium component. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error, and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
The exploit installs first-stage malware on the targeted vulnerable browser, which then connects to a remote Command-and-Control server to download a much more invasive, encrypted payload.
It determines whether the browser is a vulnerable version by running a simple yet effective script.
If the browser version checks out, the script starts performing several AJAX requests to the attacker's C&C server, where a pathname points to the argument that is passed to the script. The first request is necessary to obtain some relevant information for further use. This information includes several hex-encoded strings that tell the script how many chunks of the actual exploit code should be downloaded from the server, as well as a URL to the image file that embeds a key for the final payload and the RC4 key to decrypt these chunks of the exploit's code.
The use-after-free issue is one of the most common vulnerabilities discovered and patched in the Chrome web browser in the past few months. Just over a month ago, Google released a critical security update for Chrome to patch a total of four 'use-after-free' vulnerabilities in different components of the web browser.
If you are using this browser, it is highly recommended that you update it as soon as possible. Google has addressed both vulnerabilities in Google Chrome 78.0.3904.87 for Windows, Mac, and Linux. The update will eventually arrive automatically; however, if you follow our advice below, you can have the updated version in just seconds.
These vulnerabilities are tracked under:
Affected: all versions before 78.0.3904.87.
To install the update, go to chrome://settings/help (you can copy this address and paste it into the address bar). The update will start automatically; after that, you need to relaunch the browser.
TTPs: Tactics, techniques and procedures
CVEs: Common Vulnerabilities and Exposures