Google issued security updates on Monday to address a high-severity zero-day vulnerability in its Chrome web browser, which it said was being exploited in the wild.
The flaw, identified as CVE-2022-2294, is due to a stack overflow in the WebRTC component, which allows for real-time audio and video communication across browsers without the need to install plugins or download native applications.
When data in the heap area of memory is overwritten, the result can be arbitrary code execution or a denial-of-service (DoS) condition. It develops into
MITRE explains that “heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing to the attacker’s code.” “When the result is arbitrary code execution, this can frequently be used to undermine any other security service.”
Jan Vojtesek of the Avast Threat Intelligence team is credited with discovering and reporting the flaw on July 1, 2022. It’s worth noting that the bug also affects the Chrome for Android app.
Details about the flaw and about the campaign exploiting it have been withheld, as is customary with zero-day exploitation, to prevent further abuse in the wild until a significant portion of users have updated with a fix.
CVE-2022-2294 also marks the resolution of Chrome’s fourth zero-day vulnerability since the start of the year –
To minimise potential threats, users are advised to update to version 103.0.5060.114 for Windows, macOS, and Linux, and version 103.0.5060.71 for Android. Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply fixes as they become available.
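For teams that track browser versions across a fleet, the check below is an added example (not from the original article or from Google) that compares reported Chrome versions against the fixed builds named above. The inventory records, hostnames and the `needs_update`/`unknown` labels are assumptions made for illustration; platforms the article gives no fixed build for, such as other Chromium-based browsers, are reported as `unknown`.

```python
import re

# Fixed builds as stated in the article, keyed by platform.
FIXED = {
    "windows": (103, 0, 5060, 114),
    "macos": (103, 0, 5060, 114),
    "linux": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 103.0.5060.53'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Integer tuples compare numerically; a plain string comparison would
    # rank "103.0.5060.66" above "103.0.5060.114" and miss the stale host.
    return "patched" if version >= fixed else "needs_update"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 103.0.5060.114"),
    ("ws-002", "Windows", "Google Chrome 103.0.5060.66"),
    ("mb-003", "macOS", "Google Chrome 102.0.5005.115"),
    ("ph-004", "Android", "103.0.5060.71"),
    ("ph-005", "Android", "103.0.5060.70"),
    ("lx-006", "Linux", "Google Chrome 104.0.5112.20"),
    ("ws-007", "Windows", "not installed"),
]


def report(inventory):
    """Map each host to its assessment."""
    return {host: assess(platform, ver) for host, platform, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```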