On Monday, Google sent out security updates to address a high-severity zero-day vulnerability in the Chrome web browser that it says is being exploited in the wild.
The flaw, tracked as CVE-2022-2294, relates to a heap overflow in the WebRTC component, which provides real-time audio and video communication in the browser without installing plugins or downloading native apps.
A heap buffer overflow, also known as heap smashing, occurs when data is overwritten in the heap area of memory, resulting in arbitrary code execution or a denial-of-service (DoS) condition.
MITRE explains: “When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”
Jan Vojtesek from the Avast Threat Intelligence team is credited with discovering and reporting the vulnerability on July 1, 2022. It should be pointed out that the bug also impacts the Android version of Chrome.
As usual with zero-day exploits, details regarding the vulnerability as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a large number of users are updated with the fix.
CVE-2022-2294 also marks the fourth zero-day fix in Chrome since the beginning of the year –
Users should update to version 103.0.5060.114 for Windows, macOS, and Linux, and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply fixes as and when they become available.
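For administrators checking a fleet against the fixed builds named above, the following is an added example, not code from Google or from the original article. The inventory rows, host names and status labels are constructed for illustration; only the two fixed version numbers come from the article.

```python
# Added example: fixed builds are the ones quoted in the article.
FIXED = {
    "windows": (103, 0, 5060, 114),
    "macos": (103, 0, 5060, 114),
    "linux": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}

def parse_version(text):
    """Turn '103.0.5060.66' into (103, 0, 5060, 66); None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(browser, platform, version):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    if browser.lower() != "chrome":
        # Other Chromium-based browsers ship fixes under their own version
        # numbers; the article gives no fixed build for them.
        return "unknown"
    fixed = FIXED.get(platform.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"
    # Compare as integer tuples: as plain strings, "103.0.5060.71" would
    # sort above "103.0.5060.114" and give the wrong answer.
    return "patched" if parsed >= fixed else "needs_update"

# Constructed inventory: (host, browser, platform, reported version)
INVENTORY = [
    ("ws-001", "Chrome", "Windows", "103.0.5060.114"),
    ("ws-002", "Chrome", "Windows", "103.0.5060.66"),
    ("mb-003", "Chrome", "macOS", "102.0.5005.115"),
    ("ph-004", "Chrome", "Android", "103.0.5060.71"),
    ("ph-005", "Chrome", "Android", "103.0.5060.70"),
    ("ws-006", "Edge", "Windows", "103.0.1264.44"),
    ("lx-007", "Chrome", "Linux", "103.0.5060.9x"),  # malformed on purpose
]

def audit(rows):
    """Map each host to its patch status."""
    return {host: classify(b, p, v) for host, b, p, v in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as unknown need a manual check against the relevant vendor's own advisory.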