Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

[correlate] · Dec 11, 2019

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used to download and install malware onto Windows computers that visited a Korean-language news portal.
A zero-day vulnerability is one that is known, but not patched by the developers in charge of patching the vulnerability. These zero-day vulnerabilities are particularly dangerous as they can be used by state-sponsored attackers to perform malicious activity on vulnerable devices.

Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used last month to download and install malware onto Windows computers when visiting a Korean-language news portal.

www.bleepingcomputer.com

Antus67 · Dec 11, 2019

I switched to Chrome Browser thanks for this article very informative

[correlate] · Dec 11, 2019

Antus67 said:
I switched to Chrome Browser thanks for this article very informative

I am glad to hear that.

Antus67

upnorth · Dec 11, 2019

Both of these vulnerabilities have now been patched and this exploit chain is broken.

shmu26 · Dec 14, 2019

It was patched already, as mentioned by @upnorth, but even before that, it required a prior infection in order to work.
"The one caveat is that to exploit the flaw, an attacker would need to have previously compromised the system using another vulnerability "

Microsoft Zaps Actively Exploited Zero-Day Bug

December 2019's relatively light Patch Tuesday update also fixes seven critical flaws.

threatpost.com

So clean computers were not at risk; only previously infected ones were. It smells like another episode in the series of targeted attacks against South Korean diplomats.

Search

Search

Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

[correlate]

Level 18