A new Zero-day vulnerability dubbed as “CVE-2019-13720” has been discovered in Google Chrome by the Russian cyber-security firm Kaspersky and they had reported the same to Google. Now, it has been patched by the engineers of Google as they released a new update 78.0.3904.87 for Windows, Mac, and Linux to fix it.
In their recent blog post regarding this update, they have revealed that they knew about the zero-day vulnerability in the wild and also appreciated the help of the security researchers for reaching out to them.
“The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” stated Anton Ivanov, Security Expert at Kaspersky.
A zero-day vulnerability is previously unknown software bugs or flaws in a system that has been known but not yet patched. This is possibly the high time for the attackers to exploit this flaw and cause heavy damage to the system, even cause the program to collapse.
The Kaspersky called these attacks “Operation Wizard Opium” and found certain similarities in the code which point toward the attacks done by North Korean cybercriminal group Lazarus from before. The new exploit has been confirmed to have targeted a Korean Language news portal. Moreover, the users have also been advised to keep updating the latest version of the browser.