Kaspersky’s automated technologies have detected a new vulnerability in the Google Chrome web browser. Kaspersky reported the vulnerability, numbered CVE-2019-13720, to Google. A patch has been released against the vulnerability. After examining the proven concepts, Google confirmed that this is a zero-day vulnerability.

Software bugs that were previously unknown and could cause unexpected and serious damage to attackers are called zero-day vulnerabilities. The new exploit used in the attacks takes advantage of a snaring style on a Korean news portal. The malicious JavaScript code placed on the homepage uploads a profiling script to a remote site, examining various versions of the browser’s user login information to check whether it is possible to infect the victim’s system. Trying to exploit the error through the Google Chrome web browser, the script loaded with the vulnerability determines whether the browser version used is 65 or newer. The vulnerability provides attackers with a Use-After-Release (UaF) condition. This UaF condition is considered extremely dangerous as it can lead to code execution scenarios.

The detected vulnerability was used by Kaspersky experts in an operation called “WizardOpium”. Certain similarities in the code point to a possible link between this campaign and the Lazarus attacks. Also, the profile of the targeted website is similar to the profile detected in previous DarkHotel attacks. Similar spoofing attacks have recently been carried out at DarkHotel.

The detected vulnerability was detected by Vulnerability Prevention technology, which is included in most of Kaspersky’s products.