Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day flaw, tracked as CVE-2022-2294, which is actively exploited in the wild.
CVE-2022-2294 is a high-severity heap buffer overflow in the WebRTC component, which provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.
According to reports, the impact of successful exploitation of a heap overflow can range from program crashes and arbitrary code execution to bypassing security solutions if code execution is achieved during the attack.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” reads the advisory published by Google.
Chrome 103.0.5060.114 is rolling out worldwide in the Stable Desktop channel, with Google saying that it’s a matter of days or weeks until it reaches the entire user base.
The company has yet to share technical details or any other information regarding these incidents. Google notes, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”
“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” they added.
Notably, the vulnerability was reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1st, 2022.
The other zero-day flaws in Chrome addressed by Google this year:
- CVE-2022-0609 – (February 14) – use-after-free issue that resides in the Animation component.
It is strongly recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to apply the fixes as and when they become available.
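To act on this recommendation across a fleet, the following added example (not code from Google or from the original article) flags Chrome installs that are below the fixed builds named above. The inventory rows, host names and function names are constructed for illustration; the comparison is numeric because a plain string comparison ranks build `.99` above `.114`.

```python
# Added example: fixed builds come from the article; everything else is constructed.
FIXED = {
    "windows": "103.0.5060.114",
    "macos": "103.0.5060.114",
    "linux": "103.0.5060.114",
    "android": "103.0.5060.71",
}

def parse_version(text):
    """Turn '103.0.5060.114' into (103, 0, 5060, 114) so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(inventory):
    """Return (host, platform, version, status) for each inventory row.

    status is 'patched', 'needs-update', or 'unknown' (unlisted platform
    or unparseable version string; these need manual follow-up).
    """
    results = []
    for host, platform, version in inventory:
        fixed = FIXED.get(platform.lower())
        try:
            if fixed is None:
                status = "unknown"
            elif parse_version(version) >= parse_version(fixed):
                status = "patched"
            else:
                status = "needs-update"
        except ValueError:
            status = "unknown"
        results.append((host, platform, version, status))
    return results

# Constructed sample inventory (host, platform, reported Chrome version).
SAMPLE = [
    ("ws-001", "windows", "103.0.5060.114"),
    ("ws-002", "windows", "103.0.5060.99"),   # string compare would wrongly pass this
    ("mac-01", "macos", "103.0.5060.53"),
    ("and-01", "android", "103.0.5060.71"),
    ("lin-01", "linux", "104.0.5112.20"),
    ("kiosk-1", "chromeos", "103.0.5060.114"),  # platform not covered by the article
    ("ws-003", "windows", "not installed"),
]

if __name__ == "__main__":
    for host, platform, version, status in audit(SAMPLE):
        print(f"{host:8} {platform:8} {version:16} {status}")
```

The check applies to Google Chrome builds only; other Chromium-based browsers use their own version numbers and need their vendors' fixed versions.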