Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

[[correlate]]

Content source

https://www.bleepingcomputer.com/news/security/windows-chrome-zero-days-chained-in-operation-wizardopium-attacks/

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used to download and install malware onto Windows computers that visited a Korean-language news portal.
A zero-day vulnerability is one that is known, but not patched by the developers in charge of patching the vulnerability. These zero-day vulnerabilities are particularly dangerous as they can be used by state-sponsored attackers to perform malicious activity on vulnerable devices.

Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used last month to download and install malware onto Windows computers when visiting a Korean-language news portal.

www.bleepingcomputer.com

 

[Antus67]

I switched to Chrome Browser thanks for this article very informative

 

[[correlate]]

I switched to Chrome Browser thanks for this article very informative

I am glad to hear that.
Antus67

 

[upnorth]

Both of these vulnerabilities have now been patched and this exploit chain is broken.

 

[shmu26]

It was patched already, as mentioned by @upnorth, but even before that, it required a prior infection in order to work.
"The one caveat is that to exploit the flaw, an attacker would need to have previously compromised the system using another vulnerability "

Microsoft Zaps Actively Exploited Zero-Day Bug

December 2019's relatively light Patch Tuesday update also fixes seven critical flaws.

threatpost.com

So clean computers were not at risk; only previously infected ones were. It smells like another episode in the series of targeted attacks against South Korean diplomats.