Security News > 2022 > March > Chrome Zero-Day from North Korea
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups.
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users.
If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional javascript.
We unfortunately were unable to recover any of the stages that followed the initial RCE. Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages.
The exploit kit would AES encrypt each stage, including the clients' responses with a session-specific key.
News URL
https://www.schneier.com/blog/archives/2022/03/chrome-zero-day-from-north-korea.html
Related news
- North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |