Install the latest patch for a newly discovered zero-day vulnerability in Google Chrome


Google released security updates on Monday to address a high-severity zero-day vulnerability in its Chrome web browser. According to Google, this vulnerability is already being exploited in the wild.

The flaw, which is being tracked under the identifier CVE-2022-2294, is a heap overflow vulnerability in the WebRTC component. This component enables real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

Heap buffer overflows, also known as heap overruns or heap smashing, are a type of memory vulnerability in which data in the heap area of memory is overwritten. They can result in arbitrary code execution or a denial-of-service (DoS) condition.

According to MITRE's explanation, "Heap-based overflows can be used to overwrite function pointers that may be living in memory," redirecting execution to the attacker's code. When the result is the execution of arbitrary code, the flaw can frequently be used to circumvent the protection offered by any other security service.

Jan Vojtesek, a member of the Avast Threat Intelligence team, is credited with discovering the vulnerability on July 1, 2022. It's important to note that the bug affects both the desktop version of Chrome and Chrome for Android.

As is typically the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild until a significant portion of users is updated with a fix.

CVE-2022-2294 also marks the fourth zero-day vulnerability patched in Chrome since the beginning of the year.

The earlier three were CVE-2022-0609, a use-after-free vulnerability in Animation, and CVE-2022-1096 and CVE-2022-1364, both type confusion flaws in the V8 component.

To protect themselves from any potential dangers, users are strongly encouraged to update to version 103.0.5060.114 for Windows, macOS, and Linux, and to version 103.0.5060.71 for Android. Users of browsers that are based on Chromium, including Microsoft Edge, Brave, Opera, and Vivaldi, are also encouraged to apply the fixes as soon as they are made available to them.
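The following Python script is an added example, not part of the original article: it compares installed Chrome versions from an inventory against the fixed builds named above and lists the hosts that still need the update. The inventory rows and host names are constructed sample data, and Chromium-based browsers are not covered because the article gives no fixed build for them.

```python
# Fixed builds as stated in the article, keyed by platform.
FIXED = {
    "windows": "103.0.5060.114",
    "macos": "103.0.5060.114",
    "linux": "103.0.5060.114",
    "android": "103.0.5060.71",
}

def parse_version(text):
    """Turn '103.0.5060.114' into (103, 0, 5060, 114); raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, installed):
    """Return 'patched', 'vulnerable', or 'unknown' for one installation."""
    fixed = FIXED.get(platform.lower())
    if fixed is None:
        return "unknown"          # platform the article gives no fixed build for
    try:
        current = parse_version(installed)
    except ValueError:
        return "unknown"          # unparseable version: needs manual review
    # Tuple comparison is numeric per component, so 103.0.5060.71 sorts below
    # 103.0.5060.114 (a plain string comparison would get that wrong).
    return "patched" if current >= parse_version(fixed) else "vulnerable"

def audit(rows):
    """rows: iterable of (host, platform, version). Returns rows needing action."""
    return [(h, p, v, s) for h, p, v in rows
            if (s := status(p, v)) != "patched"]

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "windows", "103.0.5060.114"),
    ("ws-002", "windows", "103.0.5060.66"),
    ("mb-003", "macos", "102.0.5005.115"),
    ("ph-004", "android", "103.0.5060.71"),
    ("ph-005", "android", "103.0.5060.70"),
    ("lx-006", "linux", "104.0.5112.20"),
    ("lx-007", "linux", "unknown"),
]

if __name__ == "__main__":
    for host, platform, version, state in audit(SAMPLE):
        print(f"{host:8} {platform:8} {version:16} {state}")
```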

The revelation comes not long after a report was published by Google Project Zero, which stated that a total of 18 security flaws have been exploited as unpatched zero-days in the wild so far in 2018.

