Google: Windows, Chrome, Firefox zero-days exploited for spyware distribution

Numerous zero-day flaws in Windows, Google Chrome, and Mozilla Firefox were noted by Google's Threat Analysis Group to have been leveraged by Spanish custom security solutions provider Variston IT as a means to distribute spyware, TechCrunch reports. Variston IT has developed the "Heliconia" exploitation framework, which consists of three different frameworks, including one with a Chrome renderer vulnerability exploit, one with a malicious PDF file with a Windows Defender exploit, and another with various Firefox exploits for machines running on Windows and Linux, noted Google security researchers. All of the vulnerabilities have already been addressed and have not been actively exploited by attackers, according to Google. Meanwhile, Variston IT has yet to validate the findings. "The growth of the spyware industry puts users at risk and makes the internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups," said Google.