March 25, 2022 By Elizabeth Montalbano
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according to researchers.
Google Threat Analysis Group (TAG) discovered the flaw, tracked as CVE-2022-0609, on Feb. 10, reporting and patching it four days later as part of an update. Researchers said at the time that an exploit for the flaw–a use-after-free vulnerability in Chrome’s animation component–already existed in the wild.
