Before the company corrected an RCE bug discovered in February, two separate campaigns from different threat actors targeted customers with the same exploit kit for more than a month.
On Feb. 10, the Google Threat Analysis Group (TAG) found the issue, which was assigned the number CVE-2022-0609, and reported and patched it four days later as part of an upgrade. An exploit for the flaw-a use-after-free vulnerability in Chrome’s animation component-was already in the wild, according to researchers at the time.