Kaspersky says zero-day vulnerabilities in Google Chrome and Microsoft Windows were used to download and install malware onto Windows computers that visited a Korean-language news portal. The attackers injected a JavaScript tag into the site that would execute malicious scripts in the visitor’s browser that would exploit a Google Chrome vulnerability. The attacks are called Operation WizardOpium and have been patched by Microsoft and Google Chrome. The attack chain is broken as both vulnerabilities have now been fixed in Chrome 78.0.3904.87.
Source: https://www.bleepingcomputer.com/news/security/windows-chrome-zero-days-chained-in-operation-wizardopium-attacks/