According to the antivirus business Avast, a serious flaw in Google Chrome has been linked to an Israeli spyware outfit’s attempts to monitor journalists.
The CVE-2022-2294 vulnerability, which was previously undiscovered, was recently patched by Google, who also issued a warning about how it was already being used to target individuals.
The vulnerability was probably being used by the Israeli company Candiru to snoop on journalists in Lebanon, according to Avast. The antivirus company initially informed Google of the issue, and it just released a study with additional details on the vulnerability and how it was used to distribute spyware.
The server would create an encrypted connection with the victim’s machine and leverage the Chrome zero-day vulnerability (CVE-2022-2294) to remotely execute malicious code on the victim’s browser if the acquired data satisfied certain requirements.
According to Avast, Candiru combined the exploit with a different flaw to get beyond Chrome’s sandbox security measure. Despite being unable to locate the second vulnerability, the two together allowed a Windows-based spyware package to be sent to the victim’s PC.
Avast uncovered “DevilsTongue,” a Windows malware that resembles one found by Microsoft in assaults connected to Candiru. Avast believes that CVE-2022-2294 was used by the Israeli vendor in specific attacks in the Middle East.
However, the security risk has been eliminated as a result of Google patching the vulnerability on July 4. Users can upgrade their Chrome browser as well as WebRTC-using versions of Microsoft Edge and Apple Safari, which have all received fixes, to protect themselves from the attack.
