Google has officially confirmed a fourth zero-day security vulnerability in Chrome so far this year. It warns that Android and Windows users are being targeted in attacks that have been seen in the wild.
Google said in a post on July 4th that an upgrade to Chrome 103.0.5060.114 for Windows would begin rolling out over the coming days and weeks. Although the Chrome browser will update to this patched version automatically and the protection takes effect once the application is restarted, there is a very compelling reason not to wait this month: CVE-2022-2294.
CVE-2022-2294: What is it?
This high-severity security flaw, a memory buffer overflow in RTC-related code, was discovered by an Avast Threat Intelligence team member. The full details won't be released until after the majority of Chrome users have had a chance to update. Given that this is a zero-day threat, that update should happen sooner rather than later. Google raced to patch the flaw, which was only discovered on July 1, and says it is "aware that an exploit for CVE-2022-2294 exists in the wild."
This most recent update has also been confirmed to fix two additional serious flaws, CVE-2022-2295 (type confusion in V8) and CVE-2022-2296 (use after free in Chrome OS Shell).
Attacks against Chrome for Android are also ongoing.
Android users are likewise encouraged to upgrade as soon as possible, for the same reason. The Android Chrome app is also affected by CVE-2022-2294, and Google has acknowledged that attacks have been observed in the wild. The patched version of Chrome for Android, 103.0.5060.71, will be made available through Google Play.