Some of these attacks consisted of luring security researchers to a blog where the attackers exploited browser zero-days to run malware on researchers' systems.
In a report on January 28, Microsoft said that attackers most likely used a Chrome zero-day for their attacks. In a report published today, South Korean security firm said they discovered an Internet Explorer zero-day used for these attacks as well.
Google did not say today if the CVE-2021-21148 zero-day was used in these attacks, although many security researchers believe it was so due to the proximity of the two events.
But despite how this zero-day was exploited, regular users are advised to use Chrome's built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found via the Chrome menu, Help option, and About Google Chrome section.
Before today's patches, Google went through a spell last year where it patched five actively-exploited Chrome zero-days in a span of three weeks.