A serious vulnerability in the Chrome browser has been linked to an Israeli spyware company and its efforts to spy on journalists, according to findings from antivirus company Avast.
Earlier this month, Google patched the previously unknown vulnerability in Chrome, dubbed CVE-2022-2294, warning that someone was already exploiting the flaw to attack users.
It turns out an Israeli company called Candiru was likely exploiting the flaw to spy on journalists in Lebanon, according to Avast, which initially reported the threat to Google. On Thursday, the antivirus provider published a report containing more details about the vulnerability, and how it was used to deliver a spyware package.
According to the report, Candiru has been targeting Avast users in Lebanon, Turkey, Yemen, and Palestine since March with an “updated toolset,” which includes zero-day exploits designed for Google’s Chrome browser. These zero-day exploits are particularly worrisome because they tap publicly unknown flaws in the software, leaving users vulnerable with no way to patch.
To target the journalists in Lebanon, Candiru allegedly compromised a legitimate website belonging to a news agency. The Israeli spyware company then rigged the site to reroute certain visitors to a web server capable of collecting about 50 data points from the victim’s computer, such as the language, timezone, browser plugins, and more.
If the collected data met certain requirements, the server would proceed to establish an encrypted channel with the victim’s computer to launch the exploit for the Chrome zero-day vulnerability, CVE-2022-2294. A successful exploit lets the attacker remotely execute malicious code in the victim’s browser.
Avast suspects Candiru
Read more on pcmag.com