Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch


Before the company corrected an RCE bug discovered in February, two separate campaigns from different threat actors targeted customers with the same exploit kit for more than a month.

On Feb. 10, the Google Threat Analysis Group (TAG) found the issue, which was assigned the number CVE-2022-0609, and reported and patched it four days later as part of an upgrade. An exploit for the flaw-a use-after-free vulnerability in Chrome’s animation component-was already in the wild, according to researchers at the time.

Read More…