Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari

A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers.

A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers.

Google announced on July 4 that it had released an update for Chrome 103 to patch a zero-day vulnerability tracked as CVE-2022-2294. The flaw has been described as a heap buffer overflow in WebRTC, an open source project designed for adding real-time communication capabilities to browsers and applications.

Cybersecurity company Avast, which informed Google about the vulnerability and its exploitation on July 1, revealed this week that the Chrome zero-day appears to have been exploited in targeted attacks linked to Candiru, an Israeli company that provides surveillance tools to government customers.

In the attacks exploiting CVE-2022-2294, the attacker analyzed compromised devices and only pushed the zero-day exploit to systems that were considered important. Once they gained access to the device, the hackers delivered DevilsTongue, a sophisticated malware that can allow its operators to steal a wide range of data from compromised systems.

Avast saw attacks being launched against journalists in Lebanon, as well as against targets in Turkey, Yemen and Palestine.

The WebRTC component affected by CVE-2022-2294 is also present in other Chromium-based browsers, such as Microsoft Edge, and it’s also used by Apple in Safari.

Microsoft released an update for Edge on July 6 to patch the vulnerability, and informed customers that the Chromium team had been made aware of an exploit in the wild.

Apple patched the vulnerability in Safari on macOS Big Sur, Catalina and Monterey on Wednesday, but the tech giant did not mention malicious exploitation.

“While the exploit was specifically designed for Chrome on Windows, the vulnerability’s potential was much wider,” Avast said on Thursday. “We do not know if Candiru developed exploits other than the one targeting Chrome on Windows, but it’s possible that they did.”

Sophos has speculated that it’s possible that the bug is not easy to exploit in Safari, or Apple may have not mentioned active exploitation simply because there is no evidence of attacks targeting its browser.

There is no word from Mozilla on whether Firefox is also impacted by CVE-2022-2294. Mozilla did patch some WebRTC-related vulnerabilities in Firefox in the past.

Related: Google Issues Emergency Fix for Chrome Zero-Day

Related: Emergency Firefox Update Patches Two Actively Exploited Zero-Day Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.