Shocking! Google reveals spyware hitting Chrome, Firefox, and Windows Defender

    Google reported that Heliconia exploitation frameworks are capable of deploying spyware on Chrome, Microsoft, and Mozilla.
    By: HT TECH
    | Updated on: Dec 02 2022, 21:53 IST
    Google BEST apps of 2022 announced! Check out Tablets, Chromebooks, Wear
    image caption
    1/5 Google says that 2022 marked the post-pandemic era for many across the world – and in India too, people once again opened themselves to the possibilities and experiences of the outside world while continuing to depend on digital solutions for support across many of their needs. (Unsplash)
    Chromebook
    2/5 The winner of the Best Chromebooks app is BandLab – Music Making Studio, which is a free music recording and leading social music creation platform with more than 50 million users worldwide. (Unsplash)
    image caption
    3/5 BandLab is an app that lets users share music, no matter their skill level or background. The app also has a multi-track Studio, a music maker that lets you record, edit, and remix your music. (Google Play Store)
    image caption
    4/5 The best Tablets apps is the ‘Pocket: Save. Read. Grow.’ This app will help to capture the content that comes at you all day long, and curate your own space filled with only the topics you care about. You can save the latest stories, articles, news, sports, and videos from any device, and any publisher or app. (Google Play Store)
    image caption
    5/5 Google announced the best for Wear apps is the "Todoist: to-do list & planner." The app is a delightfully simple yet powerful task planner. It will even provide a work-life balance kind of service. (Google Play Store)
    Google, Microsoft, Mozilla
    View all Images
    Google, Microsoft, and Mozilla fixed the commercial spyware-affected vulnerabilities in 2021 and early 2022. (Unsplash)

    Google Threat Analysis Group (TAG) has been a constant tracker of commercial spyware for many years. Now, TAG has reported that Variston IT, a company in Barcelona has sold spyware exploiting Chrome, Firefox, and Windows Defender vulnerabilities. Google explains that this commercial spyware puts advanced surveillance capabilities in the hands of governments who use them to spy on journalists, human rights activists, political opposition, and dissidents.

    These vulnerabilities were flagged as zero-days in the wild, but these were fixed by Google, Microsoft, and Mozilla in 2021 and early 2022. It explained that its Heliconia framework exploits n-day vulnerabilities and provides all necessary tools to attach the target device. “While we have not detected active exploitation, based on the research below, it appears likely these were utilized as zero-days in the wild,” Google mentioned in a blog post. Who all have been affected? Know here.

    Commercial spyware attac

    This Heliconia Noise exploited Google Chrome in versions version 90.0.4430.72 from April 2021 to version 91.0.4472.106 to June 2021. Google warned that this vulnerability could perform remote code execution. However, Google has already fixed this exploit back in August 2021.

    There was also Heliconia Soft, a web framework that uses a PDF containing a Windows Defender exploit. It was fixed in November 2021.

    And then there were the Heliconia Files which exploited Windows and Linux Firefox chains to commit remote code execution in Mozilla's browser. Google says that "The Heliconia exploit is effective against Firefox versions 64 to 68, suggesting it may have been in use as early as December 2018 when version 64 was first released."

    However, the good part is that the exploits mentioned in Google's TAG latest report no longer threaten any Chrome, Mozilla and Windows Defender users, if you have updated your device to the latest version. Hence, make sure that you keep your automatic updates on for your device and do it as soon as possible to avoid any attack of the vulnerability.

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 02 Dec, 21:52 IST
    NEXT ARTICLE BEGINS
    keep up with tech