Critical Chrome Update Counters Spyware Vendor's Exploits

Ensure Your Chrome Browser Is Up to Date and Secure: Enable Automatic Updates to Safeguard Against Cybersecurity Threats

The Recent Chrome Update Follows the Disclosure by Google TAG and the University of Toronto’s Citizen Lab of Cytrox’s Predator Spyware Targeting an Egyptian Politician’s iOS Devices.

In a swift response to a potentially dangerous cybersecurity threat, Google has released an urgent update for its Chrome web browser. The update, available for Windows, macOS, and Linux users, is aimed at patching a zero-day vulnerability that was reportedly exploited by a commercial spyware vendor.

On Tuesday, Google officially unveiled the stable channel update for Chrome, which brings the browser to version 117.0.5938.132. While this update addresses a total of ten vulnerabilities, three of them are particularly noteworthy, according to the company’s advisory.

The most critical of these vulnerabilities, identified as CVE-2023-5217, has been characterized as a “heap buffer overflow in vp8 encoding in libvpx.” This security flaw was reported to the Chrome development team by Clement Lecigne, a member of Google’s Threat Analysis Group (TAG), just days before the patch’s release.

What makes CVE-2023-5217 particularly concerning is that it has already been exploited in the wild. Although Google’s advisory does not delve into specifics regarding the nature of these attacks, insights from Maddie Stone, a researcher with Google TAG, reveal that the zero-day vulnerability was leveraged by a commercial surveillance vendor.

This revelation comes shortly after an announcement by Google TAG and the University of Toronto’s Citizen Lab group regarding an operation that aimed to deliver a potent piece of spyware, named “Predator,” to an opposition politician in Egypt.

The analysis of this operation uncovered a disconcerting use of various zero-day vulnerabilities and man-in-the-middle (MitM) attacks. These tactics were deployed to surreptitiously deliver the spyware to both Android and iOS devices, marking a troubling development in the realm of cyber espionage.

The urgency with which Google responded to this zero-day vulnerability underscores the ever-present and evolving nature of online threats. In an age where cybersecurity is paramount, users are reminded once again to remain vigilant, keep their software up to date, and exercise caution when browsing the web.

As technology continues to advance, so do the capabilities of those who seek to exploit it. In the ongoing cat-and-mouse game between cybersecurity experts and threat actors, swift responses like Google’s are essential in safeguarding cyberspace.
