Hacked corporate sites and news blogs running using WordPress CMS are being used by attackers to deliver malware that allows them to drop second-stage payloads such as keyloggers, info stealers, and Trojans. These landing pages are designed to look like a legitimate Google Chrome update page and instruct potential victims to download an update for their browser. Instead of a Chrome update, the targets will download malware installers that will infect their devices and allow operators behind this campaign to take control of their computers remotely.
Source: https://www.bleepingcomputer.com/news/security/malware-disguised-as-google-updates-pushed-via-hacked-news-sites/