Update Google Chrome Browser to Fix New Zero-Day Exploit Detected in the Wild

Google released security updates on Monday to address a high-severity zero-day vulnerability in its Chrome web browser that it says is being exploited in the wild.

The gap, followed as CVE-2022-2294concerns a heap overflow error in WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

Heap buffer overflows, also known as heap overflow or heap overflow, occur when data is overwritten in the heap area of ​​memory resulting in the execution of arbitrary code or a denial of service (DoS) condition.

Advertising

“Heap-based overflows can be used to overwrite function pointers that may live in memory, pointing them to attacker code,” MITER explains. “When the consequence is the execution of arbitrary code, it can often be used to subvert any other security service.”

Jan Vojtesek from the Avast Threat Intelligence team is credited with discovering and reporting the flaw on July 1, 2022. It should be noted that the bug also impacts the Android version of Chrome.

As is typically the case with zero-day exploitation, details pertaining to the flaw along with other campaign-related specifics have been withheld to prevent further abuse in the wild and until a significant number of users are updated with a patch.

cyber security

CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year –

Users are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply patches as they become available.

Leave a Comment