Tracked as CVE-2022-2294, the vulnerability is reportedly still being exploited against users who haven't updated. It has already been used to track and steal data from journalists and other high-profile individuals throughout the Middle East, including in Lebanon, Palestine, Turkey, and Yemen. According to reports, the exploit has chiefly been used by Israeli spyware distributor Candiru. Coupled with DevilsTongue spyware, the distributor was able to track primarily journalists using the hugely popular browser.

What is the latest Chrome zero-day exploit and why is it so dangerous?

The biggest problem with the latest zero-day exploit found in Google Chrome is that it takes advantage of a security lapse in WebRTC. In short, bad actors can simply compromise a legitimate site or create their own. Unlike some other problematic vulnerabilities, this one doesn't require much action on the part of the user: simply visiting an impacted website is enough for the vulnerability to be exploited. The attackers can then launch spyware such as DevilsTongue to gain read/write access to the memory of the target device. That, in turn, gives them access to a wide assortment of browser data. In fact, more than 50 data points were accessed, including time zone, device identifiers, cookies, browser plugins, and more. Google was informed of the discovery of the exploit on July 1 and patched the vulnerability as far back as July 4. But, as noted above, this is still a live vulnerability for any user who hasn't updated. Given the insidious nature of known exploits, updating to the latest version of Chrome is, as of this writing, the only real solution.