Written by Anthony Carballo
on November 04, 2019

Vulnerabilities are not unusual in Chrome, but Google at least tries to address them quickly. The good news is that a patched version is available; the downside is that if you want it now, you have to install it manually. Whether you are using Windows, macOS, or Linux, you need to update your browser immediately to the latest version, which Google released earlier today.

One of these vulnerabilities is a zero-day, and it is actively exploited in the wild. Google is warning users to install this urgent software update at the earliest opportunity to patch the two high-severity vulnerabilities found.

The flaw type is known as 'use-after-free': it refers to memory that, after it has been freed, can still be used, here for malicious purposes. It is a class of memory corruption issue that allows corruption or modification of data in memory, enabling an unprivileged user to escalate privileges on an affected system or software.

 

 

TTPs

The first vulnerability relates to PDF files: a use-after-free error in Chrome's PDFium component. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error, and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

 

The second vulnerability relies on HTML and the Chrome audio component, which can load malicious JavaScript.

The campaign uses a watering-hole attack on a compromised Korean-language news portal. Malicious JavaScript code was inserted into the main page, which in turn loads a profiling script from a remote site.

The exploit installs the first-stage malware on the targeted vulnerable browser, which then connects to a remote Command-and-Control server to download a much more invasive and encrypted payload.

The attack determines whether the browser is a vulnerable version or not by running a simple yet effective script.

If the browser version checks out, the script starts performing several AJAX requests to the attacker's C&C server, where a pathname points to the argument that is passed to the script. The first request is necessary to obtain some relevant information for further use. This information includes several hex-encoded strings that tell the script how many chunks of the actual exploit code should be downloaded from the server, as well as a URL to the image file that embeds a key for the final payload and the RC4 key to decrypt these chunks of the exploit's code.

 

 

Conclusions

The use-after-free issue is one of the most common vulnerabilities discovered and patched in the Chrome web browser in the past few months. Just over a month ago, Google released a critical security update for Chrome to patch a total of four 'use-after-free' vulnerabilities in different components of the web browser.

We strongly recommend that if you are using this browser, you update it as soon as possible. Google has addressed both vulnerabilities in Google Chrome 78.0.3904.87 for Windows, Mac, and Linux. The update will eventually arrive automatically; however, if you follow our advice below, you can have the updated version in just seconds.

 

 

CVEs

These vulnerabilities are tracked under:

CVE-2019-13720

CVE-2019-13721

Severity:

Critical

Vulnerable Versions

All versions before 78.0.3904.87

 

 

Advice

To install the update, go to chrome://settings/help (you can copy this address and paste it into the browser's address bar). The update will start automatically; after that, you need to relaunch the browser.

 

TTPs: Tactics, techniques and procedures

CVEs: Common Vulnerabilities and Exposures

 
