Google Shares New Details About Vulnerabilities Found In Chrome

Posted by

Google security scientists are sharing new details about vulnerabilities found in Chrome, Firefox, and Windows.

In a blog post, Google and Threat Analysis Group (TAG) information steps taken since discovering an industrial spyware operation with ties to Variston IT.

Based in Barcelona, Spain, Variston IT claims to provide customized security services. However, the company is connected to an exploitation structure called “Heliconia.”

Heliconia operates in three ways:

  • It exploits a Chrome renderer bug to run malware on a user’s operating system.
  • It deploys a harmful PDF document containing an exploit for Windows Defender.
  • It utilizes a set of Firefox exploits for Windows and Linux devices.

The Heliconia exploit was used as early as December 2018 with the release of Firefox 64.

New details launched by Google reveals Heliconia was most likely utilized in the wild as a zero-day make use of.

Heliconia presents no threat to users today, as Google states it can not detect active exploitation. Google, Mozilla, and Microsoft repaired the bugs in early 2021 and 2022.

Although Heliconia is patched, industrial spyware is a growing problem, Google states:

“TAG’s research highlights that the industrial surveillance industry is prospering and has actually expanded substantially over the last few years, creating danger for Web users around the world. Business spyware puts sophisticated monitoring capabilities in the hands of federal governments who use them to spy on journalists, human rights activists, political opposition and dissidents.”

To secure yourself against Heliconia and other exploits like it, it’s essential to keep your internet browsers and running system as much as date.

TAG’s research study into Heliconia is offered in Google’s new blog post, which Google is publishing to raise awareness about the danger of business spyware.

Source: Google

Included Image: tomfallen/Best SMM Panel