Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari

A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers.

Google announced on July 4 that it had released an update for Chrome 103 to patch a zero-day vulnerability tracked as CVE-2022-2294. The flaw has been described as a heap buffer overflow in WebRTC, an open source project designed for adding real-time communication capabilities to browsers and applications.

Cybersecurity company Avast, which informed Google about the vulnerability and its exploitation on July 1, revealed this week that the Chrome zero-day appears to have been exploited in targeted attacks linked to Candiru, an Israeli company that provides surveillance tools to government customers.

In the attacks exploiting CVE-2022-2294, the attacker analyzed compromised devices and only pushed the zero-day exploit to systems that were considered important. Once they gained access to the device, the hackers delivered DevilsTongue, a sophisticated piece of malware that can allow its operators to steal a wide range of data from compromised systems.

Avast saw attacks being launched against journalists in Lebanon, as well as against targets in Turkey, Yemen and Palestine.

The WebRTC component affected by CVE-2022-2294 is also present in other Chromium-based browsers, such as Microsoft Edge, and it’s also used by Apple in Safari.

Microsoft released an update for Edge on July 6 to patch the vulnerability, and informed customers that the Chromium team had been made aware of an exploit in the wild.

Apple patched the vulnerability in Safari on macOS Big Sur, Catalina and Monterey on Wednesday, but the tech giant did not mention malicious exploitation.

“While the exploit was specifically designed for Chrome on Windows, the vulnerability’s potential was much wider,” Avast said on Thursday. “We do not know if Candiru developed exploits other than the one targeting Chrome on Windows, but it’s possible that they did.”

Sophos has speculated that the bug may not be easy to exploit in Safari, or that Apple may not have mentioned active exploitation simply because there is no evidence of attacks targeting its browser.

There is no word from Mozilla on whether Firefox is also impacted by CVE-2022-2294. Mozilla did patch some WebRTC-related vulnerabilities in Firefox in the past.

Related: Google Issues Emergency Fix for Chrome Zero-Day

Related: Emergency Firefox Update Patches Two Actively Exploited Zero-Day Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
