Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks

A new report from Google's Threat Analysis Group exposes the use of five different zero-day vulnerabilities targeting the Chrome browser and the Android operating system.
Google assesses with high confidence that these exploits have been packaged by a single commercial surveillance company named Cytrox.
The new research from Google explains that Cytrox sells these new exploits to government-backed actors, who then used them in three different attack campaigns.
According to Google, it was sold by an exploit broker and probably abused by several surveillance vendors.
Analysis of the exploit identified two different Chrome vulnerabilities, CVE-2021-37973 and CVE-2021-37976.
After the sandbox escape was successful, the exploit downloaded another exploit to elevate the user's privileges and install the implant.
News URL
https://www.techrepublic.com/article/packaged-zero-day-vulnerabilities-android-attacks/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products: Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2021-10-08 | CVE-2021-37973 | Use After Free vulnerability in multiple products: Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |