Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

North Korean threat actors exploited a remote code execution zero-day vulnerability in Google's Chrome web browser weeks before the bug was discovered and patched, according to researchers.
Google TAG has now revealed it believes two threat groups, whose activity has been publicly tracked as Operation Dream Job and Operation AppleJeus, respectively, exploited the flaw as early as Jan. 4 in "campaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries," according to a blog post published Thursday by Google TAG's Adam Weidemann.
Google TAG also observed fake websites, already set up to distribute trojanized cryptocurrency applications, that hosted malicious iframes pointing their visitors to the exploit kit, Weidemann wrote.
Researchers managed to recover key aspects of the functionality of the exploit kit used in both campaigns, which employed multiple stages and components to target users.
If the data sent to the server met a set of unknown requirements, the client would be served a Chrome RCE exploit and some additional JavaScript.
Researchers were unable to recover the stages of the exploit that followed the initial RCE because attackers took care to protect their exploits, deploying various safeguards, Weidemann said.
News URL
https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/