Google Links Exploitation Frameworks to Spanish Spyware Vendor Variston

While the exploits delivered by the Heliconia frameworks are now patched, they were all likely used as zero-days before Google, Mozilla and Microsoft learned of their existence and released fixes. Google says it can be used to deliver a Chrome renderer exploit, followed by a sandbox escape and agent installation in the post-exploitation stage. The Firefox remote code execution flaw, for instance, is believed to have been exploited by the Variston product since at least 2019.