Users of Google’s Chrome browser should upgrade at least to version 103.0.5060.114 in order to prevent being a victim of a zero-day vulnerability that could allow data theft.
The exploit, designated CVE-2022-2294, is still operational for users who haven’t upgraded. And it has already been applied to the Middle East to follow and steal information from prominent figures like journalists. Lebanon, Palestine, Turkey, and Yemen are among the list.
According to sources, Israeli spyware distributor Candiru has mostly used the exploit. The distributor was able to follow users of the incredibly popular browser, primarily journalists, when combined with the DevilsTongue spyware.
Advertisement HOW DANGEROUS IS THE LATEST CHROME ZERO-DAY EXPLOIT AND WHAT IS IT? The primary issue with the most recent zero-day vulnerability discovered in Google Chrome is that it exploits a security hole in WebRTC. In conclusion, evil actors can easily infiltrate a trustworthy website or build their own. The most recent bug doesn’t necessitate much user input, unlike some other significant vulnerabilities. For the vulnerability to be exploited, users only need to visit a website that is affected.
After that, the attackers can activate spyware like DevilsTongue to grant read/write access to the target device’s RAM. This then grants access to a vast array of browser data. In actuality, more than 50 data points were accessible as a result. time zone, unique identifiers for devices, cookies, browser plugins, and more.
On July 1, Google was alerted of the exploit’s findings. It also fixed the flaw on July 4 of last year. However, as was already mentioned, this vulnerability is still active for any user who hasn’t updated. The only practical cure, as of this writing, is to update to the most recent version of Chrome due to the sneaky nature of known exploits.