Chrome Zero-Day from North Korea

North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups.
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users.
If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional JavaScript.
We unfortunately were unable to recover any of the stages that followed the initial RCE. Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages.
The exploit kit would AES encrypt each stage, including the clients' responses, with a session-specific key.
News URL
https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- North Korea’s fake tech workers now targeting European employers (source)
- North Korea ramps up cyberspying in Ukraine to assess war risk (source)
- Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome. Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |