Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.
The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time video and audio communication capabilities in browsers without the need to install plugins or download native applications.
Heap buffer overflows, also referred to as heap overflow or heap smashing, occur when data is overwritten in the heap area of memory, leading to arbitrary code execution or a denial-of-service (DoS) condition.
“Heap-based overflows can be used to overwrite function pointers that may be residing in memory, pointing them to the attacker’s code,” MITRE explains. “When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”
Jan Vojtesek of the Avast Threat Intelligence team is credited with discovering and reporting the flaw on July 1, 2022. It's worth noting that the bug also impacts the Android version of Chrome.
As is usually the case with zero-day exploits, details of the flaw and other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant portion of users are updated with a fix.
CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the beginning of the year:
Users are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply the fixes as they become available.
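
An added example (not part of the original article): a fleet-inventory check that flags Chrome installs still below the fixed builds listed above. The host names and inventory rows are constructed, and versions are compared numerically because a plain string comparison would rank 103.0.5060.71 above 103.0.5060.114.

```python
# Added example: flag Chrome installs below the fixed builds named in the article.
FIXED = {  # minimum patched Chrome builds, taken from the article
    "windows": "103.0.5060.114",
    "macos": "103.0.5060.114",
    "linux": "103.0.5060.114",
    "android": "103.0.5060.71",
}


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)


def status(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.lower())
    if fixed is None:
        return "unknown"  # platform not covered by the builds in the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable report: needs manual follow-up
    # Tuple comparison is numeric per component (71 < 114), unlike str comparison.
    return "patched" if installed >= parse_version(fixed) else "vulnerable"


# Constructed inventory rows: (host, platform, reported Chrome version).
INVENTORY = [
    ("ws-01", "windows", "103.0.5060.114"),
    ("ws-02", "windows", "103.0.5060.66"),
    ("mac-07", "macos", "102.0.5005.115"),
    ("ph-03", "android", "103.0.5060.71"),
    ("ph-04", "android", "103.0.5060.70"),
    ("srv-09", "linux", "104.0.5112.20"),
    ("ws-11", "windows", "unknown"),
]


def report(rows=INVENTORY):
    """Map each host to its patch status."""
    return {host: status(platform, ver) for host, platform, ver in rows}


if __name__ == "__main__":
    for host, state in report().items():
        print(f"{host:8} {state}")
```

Other Chromium-based browsers use their own version numbering, so they need their vendors' fixed builds rather than the thresholds in this table.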