Chrome Zero-Day from North Korea
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups.
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users.
If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional JavaScript.
We unfortunately were unable to recover any of the stages that followed the initial RCE. Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages.
The exploit kit would AES encrypt each stage, including the clients' responses, with a session-specific key.
News URL
https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome: Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |