Google Chrome is the gateway to the Internet used by 7 out of 10 users. Millions of users rely on this browser to read their mail, read the news, and search for any type of content on the web. Google works constantly to ensure that all users can connect safely, without the risk of hackers compromising their security. However, that is not always possible, and sometimes we run into serious problems like the one that affects us today.
The security firm Avast has recently detected a new series of computer attacks that take advantage of a recent security flaw in the browser: CVE-2022-2294. Broadly speaking, this flaw lies in Chrome's WebRTC function and allows a process buffer to be overflowed in order to run remote code on the machine.
The attack itself is very simple: hackers took control of some websites (both through other computer attacks and through identity theft) so that, when their targets reached the website in question, this security flaw was used to install complex spyware on their computers. All of this happened without any interaction from the victim, who only needed to be using a Chromium-based browser, such as Chrome or Edge.
But not every user who visited the website was infected. When a victim landed on the page in question, their system was analyzed to see whether they could be a significant target or not. If they were, the spyware was installed remotely. If they weren't, the connection was blocked.
Candiru, the spyware that can be installed on your PC
The group of hackers behind these computer attacks, about which not much is known, was dedicated to installing a well-known and dangerous piece of spyware: Candiru. This malware is known to be behind attacks on a large number of journalists, who are monitored through it. Thanks to Candiru, hackers, governments, or other interested third parties can control the victims' computers to know at all times what they are working on and to anticipate certain movements.
This malware is not used only to monitor victims' activity. It is also used to collect all kinds of sensitive data that may be useful to these hackers and that can compromise the security and anonymity of certain individuals.
How to protect Chrome
The main infection vector for this spyware is the Chrome security flaw CVE-2022-2294. Google quietly fixed this flaw earlier this month. Therefore, if Chrome is up to date, we should not have problems and we should be safe. If it is not up to date, for whatever reason, we have to update it right away.
Hackers have also attempted to attack other browsers, such as Safari on iOS, with this malware. However, although Apple's browser engine shares the vulnerability, it has not been possible to complete the attack through it.