Threat actors recently exploited a zero-day flaw in the Google Chrome browser to serve malware to users via a compromised website, a report by Kaspersky shows. The vulnerability, tracked as CVE-2019-13720, affected Chrome for Windows, macOS and Linux. Google released a patch addressing this flaw and a second issue last Thursday.
Kaspersky said that threat actors compromised a Korean-language news website and embedded malicious code in it that would install malware on the machines of visitors using a vulnerable Chrome browser. This technique is known as a watering hole attack. The campaign, dubbed Operation WizardOpium, showed some “very weak code similarities” that may indicate a link with the notorious North Korean threat actor known as Lazarus Group. However, the researchers say it is not possible to confidently attribute the attack to Lazarus, especially because the discovered similarities may actually be false flags.