Google Patches Zero-day Vulnerability in Chrome

On Monday, 4 July 2022, Google released an emergency Chrome update to fix a high-severity zero-day vulnerability. The flaw, tracked as CVE-2022-2294, is a heap buffer overflow in WebRTC. It was reported by Jan Vojtesek of the Avast Threat Intelligence team on 2022-07-01. Successful exploitation of the heap overflow enables attackers to execute arbitrary code to bypass security solutions on unpatched Chrome versions, and will lead to program crashes.

“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” Google explained in the published security advisory. The stable version 103.0.5060.114 is now rolled out, and the entire user base will be updated in a few days or weeks.

This is the fourth Chrome zero-day vulnerability of 2022. However, Google has not released the bug details, stating, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

Users are advised to apply the security update to prevent exploitation attempts.

Sources

https://chromereleases.googleblog.com/2022/07/extended-stable-channel-update-for.html

https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-flaw-exploited-in-attacks/