Google Exposes Heliconia Exploit Framework Targeting Chrome, Firefox, Windows - Duo Security

Google’s Threat Analysis Group has published details about a trio of newly discovered exploit frameworks that likely were used to exploit Chrome, Firefox, and Microsoft Defender vulnerabilities as zero days in the last few years.

Heliconia Noise is a framework that includes a full one-click chain for exploiting a renderer bug in Chrome that was present in the browser from version 90.0.4430.72 to 91.0.4472.106 and was fixed in August 2021.

Heliconia Soft exploits a flaw in Windows Defender, and Files is a group of exploits for Firefox on both Windows and Linux.

“Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device.

The Heliconia Noise framework that targets Chrome has several components and also a reference to a separate sandbox escape exploit.

The final framework TAG discovered is called simple Files, and it contains an exploit for a Firefox bug that Mozilla patched earlier this year.

That vulnerability (CVE-2022-26485) was exploited in the wild before it was disclosed in March, and Google’s researchers believe actors may have been using the exploit contained in the Heliconia Files framework for several years.

There is also a sandbox escape exploit for the Windows version of Firefox.