Google Shares New Info About Vulnerabilities Found In Chrome

Posted by

Google security researchers are sharing new info about vulnerabilities discovered in Chrome, Firefox, and Windows.

In a post, Google and Threat Analysis Group (TAG) detail steps taken because discovering a commercial spyware operation with ties to Variston IT.

Based in Barcelona, Spain, Variston IT declares to provide customized security services. However, the company is connected to an exploitation framework called “Heliconia.”

Heliconia operates in three ways:

  • It makes use of a Chrome renderer bug to run malware on a user’s operating system.
  • It deploys a harmful PDF document containing a make use of for Windows Protector.
  • It makes use of a set of Firefox exploits for Windows and Linux devices.

The Heliconia make use of was used as early as December 2018 with the release of Firefox 64.

New information released by Google exposes Heliconia was most likely used in the wild as a zero-day make use of.

Heliconia poses no danger to users today, as Google says it can not find active exploitation. Google, Mozilla, and Microsoft repaired the bugs in early 2021 and 2022.

Although Heliconia is patched, industrial spyware is a growing issue, Google states:

“TAG’s research study highlights that the commercial surveillance industry is growing and has expanded significantly recently, producing threat for Web users around the globe. Business spyware puts advanced surveillance capabilities in the hands of governments who use them to spy on reporters, human rights activists, political opposition and dissidents.”

To safeguard yourself versus Heliconia and other exploits like it, it’s necessary to keep your web browsers and running system as much as date.

TAG’s research into Heliconia is readily available in Google’s brand-new post, which Google is publishing to raise awareness about the threat of business spyware.

Source: Google

Included Image: tomfallen/Best SMM Panel