Chrome, Defender, and Firefox 0-days linked to commercial IT firm in Spain - Ars Technica

Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender.

Researchers Clement Lecigne and Benoit Sevens said the exploit frameworks were used to exploit n-day vulnerabilities, which are those that have been patched recently enough that some targets haven't yet installed them.

Evidence suggests, they added, that the frameworks were also used when the vulnerabilities were zero-days.

The frameworks contained “mature source code capable of deploying exploits for Chrome, Windows Defender, and Firefox” respectively.

The frameworks exploited vulnerabilities that Google, Microsoft, and Firefox fixed in 2021 and 2022.

Heliconia Noise included both an exploit for the Chrome renderer, along with an exploit for escaping the Chrome security sandbox, which is designed to keep untrusted code contained in a protected environment that can’t access sensitive parts of an operating system.

The Files framework contained a fully documented exploit chain for Firefox running on Windows and Linux.

TAG's research has shown the proliferation of commercial surveillance and the extent to which commercial spyware vendors have developed capabilities that were previously only available to governments with deep pockets and technical expertise.

These abuses represent a serious risk to online safety which is why Google and TAG will continue to take action against, and publish research about, the commercial spyware industry.