Update Google Chrome browser to patch new zero-day exploit detected in the wild

0
40

Google released security updates Monday to address a very serious zero-day vulnerability in its Chrome web browser that it claims is being exploited in the wild.

The deficiency, tracked as CVE-2022-2294relates to a heap overflow error in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

Heap buffer overflows, also known as heap overrun or heap smashing, occur when data is overwritten in the heap area of ​​memoryleading to arbitrary code execution or a denial-of-service (DoS) condition.

“Heap-based overflows can be used to override function pointers that may live in memory and reference the attacker’s code”, MITER explains† “If the result is arbitrary code execution, it can often be used to undermine another security service.”

Jan Vojtesek of the Avast Threat Intelligence team is credited with discovering and reporting the bug on July 1, 2022. It’s worth pointing out that the bug is also effects the Android version of Chrome.

As is usually the case with zero-day exploitation, details related to the bug and other details related to the campaign have been withheld to prevent further abuse in the wild and until a significant portion of users are updated with a fix.

CVE-2022-2294 also marks the fix of the fourth zero-day vulnerability in Chrome since the beginning of the year –

Users are advised to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as they become available.