VERY IMPORTANT

Over the past several months, Google’s Threat Analysis Group (TAG) have discovered two Chrome renderer remote code execution 0-day exploits, CVE-2021-21166 and ​​CVE-2021-30551, which we believe to be used by the same actor. Both of these 0-days were delivered as one-time links sent by email to the targets, all of whom we believe were in Armenia. The links led to attacker-controlled domains that mimicked legitimate websites related to the targeted users. When a target clicked the link, they were redirected to a webpage that would fingerprint their device, collect system information about the client and generate ECDH keys to encrypt the exploits, and then send this data back to the exploit server.