Google has warned that a high-severity zero-day vulnerability in Chrome is being actively exploited in the wild. The company is advising Windows users to update their browser to version 103.0.5060.114 immediately to protect themselves against a potential attack.
The flaw, tracked as CVE-2022-2294, is a heap-based buffer overflow in WebRTC (Web Real-Time Communications). The consequences of exploiting it can range from program crashes to arbitrary code execution, according to Bleeping Computer, which published the original report on this Chrome update. An attacker who succeeds in obtaining arbitrary code execution might then be able to carry out a more destructive exploit.
On July 1st, Jan Vojtesek of the Avast Threat Intelligence team notified Google of this problem. The company released a patch right away after realizing that an exploit for the vulnerability already existed in the wild. The update should be available to all users worldwide within a week or two. To prevent possible attacks, Google is delaying the release of information about the vulnerability and its exploit.
Chrome usually installs an update automatically once the app is relaunched, so you may already be running the most recent version if the update has reached you. To be certain, open the three-dot menu in the top-right corner of the desktop browser window and pick Settings. At the bottom, click on About Chrome. You are secure if you are using version 103.0.5060.114. If not, check for an update.
Google says the most recent version of Chrome for the Stable Desktop channel includes three more security fixes. Two of these, CVE-2022-2296 and CVE-2022-2295, which were published in May and June, respectively, included external researchers as contributors. These are high-severity vulnerabilities, although there are no known exploits for them in the wild.
THIS IS GOOGLE CHROME’S FOURTH ZERO-DAY VULNERABILITY THIS YEAR

If you’re not familiar with the term, a zero-day vulnerability is a flaw in software for which there is already a working exploit in the wild, even though the software manufacturer is not yet aware of it or hasn’t made a patch available. This is Chrome’s fourth such vulnerability to be found this year (2022). Google patched one such vulnerability in each of February, March, and April. Given the potential security threats, it is advised to check for Chrome updates routinely and install new versions right away.
Regarding zero-day vulnerabilities, the Google Project Zero team found 58 of them in 2021, spread across a variety of products and services. That is the highest yearly total to date and more than double the number the organization found in 2020 (25 zero-day vulnerabilities).