Google Shares New Information About Vulnerabilities Found In Chrome

Posted by

Google security scientists are sharing brand-new info about vulnerabilities detected in Chrome, Firefox, and Windows.

In a blog post, Google and Threat Analysis Group (TAG) information steps taken because discovering a commercial spyware operation with ties to Variston IT.

Based in Barcelona, Spain, Variston IT claims to supply customized security services. However, the business is linked to an exploitation framework called “Heliconia.”

Heliconia works in 3 ways:

  • It exploits a Chrome renderer bug to run malware on a user’s operating system.
  • It deploys a destructive PDF document consisting of an exploit for Windows Defender.
  • It makes use of a set of Firefox exploits for Windows and Linux devices.

The Heliconia exploit was used as early as December 2018 with the release of Firefox 64.

New info launched by Google reveals Heliconia was likely utilized in the wild as a zero-day exploit.

Heliconia positions no threat to users today, as Google states it can not identify active exploitation. Google, Mozilla, and Microsoft repaired the bugs in early 2021 and 2022.

Although Heliconia is covered, commercial spyware is a growing issue, Google says:

“TAG’s research underscores that the business surveillance market is prospering and has broadened substantially over the last few years, creating risk for Web users around the globe. Commercial spyware puts advanced monitoring capabilities in the hands of governments who use them to spy on journalists, human rights activists, political opposition and dissidents.”

To safeguard yourself versus Heliconia and other exploits like it, it’s essential to keep your internet browsers and operating system approximately date.

TAG’s research study into Heliconia is available in Google’s brand-new article, which Google is publishing to raise awareness about the danger of business spyware.

Source: Google

Included Image: tomfallen/Best SMM Panel