Security News > 2022 > May > Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks
A new report from Google's Threat Analysis Group exposes the use of five different zero-day vulnerabilities targeting Chrome browser and Android operating systems.
Google assesses with high confidence that these exploits have been packaged by a single commercial surveillance company named Cytrox.
The new research from Google explains that Cytrox sells these new exploits to government-backed actors, who then used them in three different attack campaigns.
According to Google, it was sold by an exploit broker and probably abused by several surveillance vendors.
Analysis of the exploit identified two different Chrome vulnerabilities, CVE-2021-37973 and CVE-2021-37976.
After the sandbox escape was successful, the exploit downloaded another exploit to elevate the users privileges and install the implant.
News URL
https://www.techrepublic.com/article/packaged-zero-day-vulnerabilities-android-attacks/
Related news
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2021-10-08 | CVE-2021-37973 | Use After Free vulnerability in multiple products Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |