Google has released Chrome 103.0.5060.114 for devices running Windows. The update fixes a dangerous zero-day vulnerability that attackers are actively exploiting. This is the fourth time this year that Google has released a patch to address a zero-day vulnerability in Chrome.
Google has confirmed that its developers are aware that an exploit for the CVE-2022-2294 vulnerability exists. The issue is fixed in the version of Chrome mentioned above, which began rolling out this week. We expect it to become available to all browser users in the near future. We do not recommend delaying installation of the patch; to install it, it is enough to check for updates through the Chrome update menu.
Google fixes a fresh Chrome zero-day vulnerability used in attacks
As for the CVE-2022-2294 vulnerability itself, its exploitation involves a buffer overflow in the Web Real-Time Communications (WebRTC) component. The problem became known a few days ago, when it was reported by Avast Threat Intelligence specialists. Exploiting the vulnerability allows attackers to perform various actions on the victim’s device, including remote execution of arbitrary code.
Although the CVE-2022-2294 vulnerability is known to be exploited in practice, Google is in no hurry to disclose details about it. The company noted that access to information about the vulnerability will be limited until the patch that eliminates it is installed on the devices of the vast majority of Chrome users, which may take several weeks.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”. We advise you to immediately update your Chrome browser.