High
A Google Chrome 0-day was first exploited in online attacks called Operation WizardOpium attacks ( the 0-day was assigned CVE-2019-13720). Google released Chrome version 78.0.3904.87 for Windows to patch this vulnerability.
Recently, WizardOpium has chained this Chrome 0-day with another Windows 0-day (CVE-2019-1458), which is being exploited to acquire privilege escalation on targeted systems by escaping the Chrome sandbox. This windows zero-day (Win32k) privilege escalation vulnerability has been patched in Microsoft December updates.