In a post published on the official Google blog, Adam Weidemann of the Mountain View giant’s Trheat Analysis Group announced that the Chrome team has fixed a serious security vulnerability that has already been actively exploited since January 4, 2022.
According to what emerged, the flaw in question allowed malicious users to spy on people and take control of the devices on which the search engine was installed. Apparently, it had been exploited by two separate entities already known to those who observe the activities of cybercriminals: the groups are known as Operation Dream Job and Operation AppleJeus and are linked to the North Korean government.
Dream Job had exploited the flaw to target news organizations, domain registrars and providers, as well as software vendors. AppleJesus instead focused on cryptocurrencies and fintech. Just a few days ago on these pages, we published a report according to which North Korea would be the leading nation in terms of crypto theft, with 400 million dollars stolen in 2021 alone.
The attacks occurred through some websites where an iframe was hidden that exploited bugs and allowed remote code execution. For this reason, we recommend that you update your browser immediately. Among other things, a new version of Chrome for Mac M1 was also recently launched.