News
Google Chrome Exploit Results In Attack On Lebanese Journalists
According to antivirus company Avast, there is evidence that an Israeli spyware firm called Candiru used a vulnerability in Google Chrome to spy on journalists in Lebanon.
In early July 2022, Google patched a previously unknown vulnerability in its Chrome browser, known as CVE-2022-2294. The zero-day Chrome exploit only came to light after it was apparently used to spy on journalists in Lebanon.
Antivirus company, Avast, collated a report, which it delivered to Google detailing the zero-day exploit. In this report, Avast claims that Israeli spyware firm, Candiru, used the exploit to install spyware on the journalist’s computers.
It equally believes that the firm has used similar exploits to target Avast users in Turkey, Lebanon, Palestine and Yemen beginning in March of this year.
A zero-day exploit is, in short, a vulnerability in a piece of software that is unknown to the developers. They are typically discovered in the wild for this reason, and are known as zero-day because the developers have zero days in which to address the issue. This is because the vulnerability has the potential to cause damage from the moment it is discovered.
Avast alleges that Candiru used the above-mentioned exploit to gain access to user’s computers. It is believed to have compromised a website, which it used to redirect users to a server that could collect their data. If the data – collected on 50 data points such as location, language, time zone, etc. – met their requirements, the server would establish an encrypted channel.
Despite not claiming responsibility, Candiru is the prime suspect in the attack because the CVE-2022-2294 exploit was used to install the DevilsTongue spyware. This is a piece of malware previously linked to the group by Microsoft in a separate string of attacks.
In its report, Avast claims that the zero-day exploit was used alongside another vulnerability capable of bypassing the sandbox security function in Chromium. However, Avast has (as yet) been unable to determine the second exploit used by the alleged attackers.
Also Read: DDoS Attacks Are A Growing Threat In Gaming
Luckily, Google released a patch for the exploit on July 4. As such, there is no need for Chrome users to be concerned, providing browsers are kept up to date. Microsoft and Apple have released patches for their Edge and Safari browsers, too, as they also use WebRTC.
Candiru has not yet been officially connected to the incident, so its involvement is currently (albeit well-informed) speculation. However, the tools used and computers targeted matches its previous spyware attempts dating from 2021 and early 2022. As the company has no public online presence, this fact is unlikely to change anytime soon.
News
At I/O 2026, Sundar Pichai Concedes AI Must Deliver Real Value
Gemini 3.5, a personal agent called Spark, agentic shopping, and Android XR eyewear are all aimed at making AI feel useful, not just impressive.
Google’s annual I/O developer conference (I/O 2026) has recently become a status update on the same question: can the company turn its AI spending into products people use every day? This year, chief executive Sundar Pichai described Google as being in a phase of hyper progress, while conceding this is the part of the cycle where people want to see real value in the products they use on a day-to-day basis.
The strategy on display was to push agents — AI systems that act on a user’s behalf — into nearly every Google product at once. Search now has an “intelligent search box” that returns generated explainer videos alongside links. Gmail, Docs, YouTube and Maps are gaining their own agent layers, including a Docs Live feature that turns spoken instructions into drafted text with citations.
Two new models, Gemini 3.5 and a cheaper Gemini 3.5 Flash, arrived the same day. Google says 900 million people now use Gemini, and that more than 50 billion images have been generated with it. The pricing tier names are likely to confuse buyers: a new AI Ultra plan launches at $100 a month, while the older Gemini AI Ultra drops from $250 to $200.
The flashier announcements were Gemini Omni, a video generator pitched as a more realistic answer to OpenAI’s discontinued Sora 2, and Gemini Spark, a personal agent that handles recurring tasks across a user’s Google account. A new universal shopping cart lets agents complete purchases across multiple retailers from inside Google itself, placing the company between the merchant and the buyer, and also owning the checkout.
Also Read: DJI Teases Dual-Camera Osmo Pocket 4P For 2026 Launch
Google also confirmed its Android XR eyewear, built with Samsung and frames from Warby Parker and Gentle Monster. Audio-only glasses ship this autumn; a display-equipped version, which would superimpose live translations into the wearer’s field of view, is still in development. Both sets translate, however only the display version shows you the result.
What Pichai did not resolve is the bargain underneath all this. An agent is only useful to the degree it knows your calendar, your inbox, your shopping history and your physical surroundings. Google has now confirmed that, in time, the same context may carry advertising.
2026 Crypto Trends: Bitcoin, ETFs & The Future Of Payments
At I/O 2026, Sundar Pichai Concedes AI Must Deliver Real Value
DJI Teases Dual-Camera Osmo Pocket 4P For 2026 Launch
Lebanon Ministers Meet Visa Over National Digital Payment Platform
