Google researchers have detailed campaigns by two North Korean government-backed groups that exploited a now-fixed Chrome flaw to target organizations across various industries.
Federal agencies have until March 1 to fix a pair of actively exploited flaws in Google Chrome and Adobe's Commerce and Magento platforms.
The use-after-free flaw (CVE-2021-4102) has been fixed in Chrome version 96.0.4664.110 for Windows, Mac and Linux. Learn more about it.
A threat actor has been deploying web browser credential stealers, an undocumented backdoor and new Google Chrome malicious extension in an ongoing campaign.
The two zero-day flaws were part of eight vulnerabilities patched this week in Google Chrome.