Security News > 2022 > March > Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

North Korean threat actors exploited a remote code execution zero-day vulnerability in Google's Chrome web browser weeks before the bug was discovered and patched, according to researchers.

Google TAG now revealed it believes two threat groups-the activity of which has been publicly tracked as Operation Dream Job and Operation AppleJeus, respectively-exploited the flaw as early as Jan. 4 in "Campaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries," according to a blog post published Thursday by Google TAG's Adam Weidemann.

Google TAG also observed fake websites-already set up to distribute trojanized cryptocurrency applications-that hosted malicious iframes pointing their visitors to the exploit kit, Weidemann wrote.

Researchers managed to recover key aspects of the functionality of the exploit kit used in both campaigns, which employed multiple stages and components to target users.

If the data sent to the server met a set of unknown requirements, the client would be served a Chrome RCE exploit and some additional javascript.

Researchers were unable to recover the stages of exploit that followed the initial RCE because attackers took care to protect their exploits, deploying various safeguards, Weidemann said.

News URL

https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/