Google closes Chrome’s 4th zero-day flaw in 2022

Google has released Chrome version 103.0.5060.114 to plug a new zero-day flaw, the fourth since the start of 2022 to affect the world’s most used internet browser.

“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” the company says on its blog. In other words, the flaw is known and, more importantly, is already being exploited by some hackers. It is therefore strongly recommended to update Chrome to close the vulnerability. You can do this by visiting the “About Chrome” section of the browser or by manually downloading the new version from google.fr/chrome.

CVE-2022-2294 is a high-severity, heap-based buffer overflow weakness in the WebRTC (Web Real-Time Communications) component, reported by Jan Vojtesek of the Avast Threat Intelligence team on July 1. Exploiting the flaw can crash the browser, execute arbitrary code, or bypass other security solutions.

Google is not yet sharing all the details. It will do so once most users have applied the Chrome update and are therefore protected. “We will also retain restrictions if the flaw exists in a third-party library that other projects also depend on, but which has not yet been patched,” adds Google.

This makes it the fourth zero-day flaw for Chrome in 2022. The previous ones were discovered in February, March and April.
