Google warns users of state-owned threat actors based in North Korea

Google Chrome is one of the most widely used browsers on the planet with billions of users. With that kind of use base, cybersecurity is definitely one of the concerns.

Google recently warned its users about the incoming exploits coming from state-sponsored hackers from North Korea. The vulnerability was detected by the Threat Analysis Group (TAG) on January 4th this year when they found out about an exploit kit deployed on the browser.

The tech giant reported another instance of an attempt on February 10 but from a different North Korean hacking team.

As the report reads, these hackers were particularly targeting fintech outlets, U.S.-based news, cryptocurrency, and IT establishments.

Google finally released a patch on February 14 to plug the vulnerability.

How does the Chrome exploit kit work?

Google warns users of state-owned threat actors based in North Korea

As per how the exploit would happen, users would receive emails from hackers disguised as job aggregators like Oracle, Google, and Disney.

Here, the attacker’s website would act as a duplicate site resembling that of Indeed or ZipRecruiter where the victim could open the links with a hidden iframe located on it.

Apparently, the exploit kit on the targeted system will collect all the data regarding user-agent, resolution, and others.

The data is set to the exploitation server where the Chrome RCE will be analyzed and if successful, it will trigger a script called ‘SBX’. The hackers are using state-of-the-art methods such as using AES-based encryption during exploitation steps, using iframe to open during time slots when the user is expected to visit a website, etc.

For now, Google has released the remote code execution (RCE) vulnerability as of February 14th. The users are required to update their browsers to get the latest patch installed on their systems.

How To Update Google Chrome Web browser?

The easiest way to safeguard yourself from any bugs or threats is to update the Google Chrome web browser. Here’s how you can do it.

  • First up, launch Google Chrome on your PC.
  • Next up, tap on the three vertically stacked dots on the URL bar on the extreme-right corner which will open a bunch of options.
  • Select ‘Settings’ from the same and proceed to ‘About Chrome’.
  • Check whether your web browser has received any updates or not. If yes, download and install it.