Google has released Chrome 103.0.5060.114 for Windows users to fix a high-severity zero-day vulnerability that has been actively exploited by attackers. It is the fourth Chrome zero-day addressed in 2022.
The maker of the browser stated in a security alert released on Monday that “Google is aware that an exploit for CVE-2022-2294 exists in the wild.”
Google estimates that it will take days or weeks for the full user base to receive the 103.0.5060.114 version, which is currently rolling out globally in the Stable Desktop channel.
By heading to the Chrome menu > Help > About Google Chrome, BleepingComputer was able to check for new updates immediately.
The web browser will also automatically check for new updates and begin applying them the next time it is launched.
Attack details not revealed
The zero-day fixed today (tracked as CVE-2022-2294) is a high-severity heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. It was discovered by Jan Vojtesek of the Avast Threat Intelligence team on Friday, July 1.
The impact of successful heap overflow exploitation can range from program crashes and arbitrary code execution to bypassing security measures.
Although Google says this zero-day vulnerability was used in the wild, the company has not yet shared technical details or any other information about these incidents.
Google stated, “Access to problem details and links may be kept limited until the majority of users are informed of a patch.”
“We will also keep the limits if the bug is in a third-party library that other projects also rely on but haven’t corrected yet,” the statement continued.
Fourth Chrome zero-day fixed this year
With this update, Google has fixed its fourth Chrome zero-day since the beginning of the year.
The three earlier zero-day vulnerabilities discovered and fixed in 2022 are:
- CVE-2022-1364 – 14th of April
- CVE-2022-1096 – 25th of March
- CVE-2022-0609 – 14th of February
According to the Google Threat Analysis Group (TAG), the one patched in February, CVE-2022-0609, was exploited by North Korean-backed state hackers weeks before the patch. The first indications of in-the-wild exploitation were discovered on January 4, 2022.
Two North Korean-sponsored threat groups exploited it in campaigns that spread malware through phishing emails featuring fake job offers and through compromised websites containing iframes that served exploit kits.
Because the zero-day patched today is known to have been used by attackers in the wild, it is strongly advised to install today's Google Chrome update as soon as possible.