Researchers at Google’s Threat Analysis Group (TAG) claim a Barcelona-based company has managed to exploit several zero-day vulnerabilities in Windows Defender, and the Chrome and Firefox browsers, with the intention of planting spyware.
While Google hasn’t shared whether the exploits were used in a targeted attack on a particular company or country, the popularity of the exploited software makes the development worrying for everyone.
According to StatCounter, the Google Chrome browser dominates the browser market in the MENA region, with over 68 percent market share in the UAE, over 60 percent in Saudi Arabia, and over 84 percent in Turkey.
Sharing their findings on the exploitation framework, named Heliconia, the TAG researchers pointed out that it included mature source code that wasn’t just capable of breaking into the popular software, but also provided the tools necessary to deploy a payload to a target device.
According to TAG, Google, Microsoft, and Mozilla fixed the Heliconia bugs in early 2021 and 2022.
However, the researchers noted that while they have not seen the bugs being actively exploited in the wild, they believe the bugs were likely used as zero-day exploits. The oft-repeated advice to keep critical software, such as web browsers, updated does not hold up against zero-day exploits, since even the software vendor is unaware of the bugs until they are discovered.
In fact, just last week, Google pushed out a new Chrome update to address a single high-severity security flaw. That flaw was the ninth Chrome zero-day that the company has acknowledged as having been exploited in the wild since the start of 2022.
Google researchers became aware of the Heliconia exploitation framework only after receiving three anonymous bug submissions to its Chrome bug reporting program.
“TAG analyzed the submissions and found they contained frameworks for deploying exploits in the wild and a script in the source code included clues pointing to the possible developer of the exploitation frameworks, Variston IT,” claims TAG.
Google claims the findings of its researchers are significant since they highlight the extent to which commercial spyware vendors have developed capabilities that were once considered the exclusive domain of highly motivated threat agents with deep pockets and immense technical expertise.
“The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups,” concludes Google.