Google Patches Chrome Zero-Day Security Vulnerability
Google has stated this new update (version 103.0.5060.114) will be available to all Chrome users globally within a few weeks. And users have been advised to update their software and install this “critical security fix” as soon as possible to prevent falling victim to this vulnerability.
This Is the Fourth Chrome Zero-Day of 2022
Though the CVE-2022-2294 vulnerability is currently being exploited, Google is yet to release much information concerning how to detect it. The company merely posted a quick update on the Google Chrome Releases Blog.The CVE-2022-2294 vulnerability has already been exploited by malicious parties and was only discovered when Jan Vojtesek from the Avast Threat Intelligence team reported the flaw on July 1st.
This threat is associated with a heap overflow flaw within Chrome's Web Real-Time Communication (Web RTC) component, which gives the browser its real-time communications capabilities. Also known as “heap smashing” or “heap overruns”, this weakness in the wild can lead to harmful denial-of-service (DoS) attacks.
Information on the vulnerability has likely been withheld to prevent cybercriminals from learning too much about it. But we do know that this is now the fourth zero-day vulnerability to be patched this year. Previous weaknesses include:
- CVE-2022-0609 (February 14th)
- CVE-2022-1096 (March 25th)
- CVE-2022-1364 (April 14th)
Update Google Chrome ASAP
Because this particular zero-day exploit (what are zero-day exploits?) is high severity in terms of risk, updating your Chrome browser should be a priority.
If you're using a macOS, Linux, or WIndows-powered device, you're advised to download version 103.0.5060.114. If you're using an Android-powered device, updating to version 103.0.5060.71 is recommended.
In most cases, Chrome will automatically install this update, but will not do so if your automatic update feature is disabled. Check your browser settings to verify whether you're set for automatic updates, or if you need to install the newest version of Chrome manually.
Future Zero-Day Exploits Are Always a Possibility
As time passes, we may see future zero-day vulnerabilities occur within Chrome's web browser. Though this will always be a risk, Google's speedy responses will hopefully mitigate any damage done by malicious actors who exploit this kind of weakness.