Google has launched an update to its well-liked Chrome browser to resolve four vulnerabilities, together with just one zero-day recent becoming exploited by attackers.
The new Chrome model 103..5060.114 will be rolled out to Windows people around the coming times and months, in accordance to a Google advisory.
It consists of the large severity CVE-2022-2294, a heap buffer overflow bug in WebRTC. It was noted by Avast researcher Jan Vojtesek on July 1.
“We would also like to thank all security researchers that labored with us for the duration of the improvement cycle to reduce security bugs from at any time reaching the stable channel,” Google claimed. “Google is knowledgeable that an exploit for CVE-2022-2294 exists in the wild.”
There was no supplemental information and facts at the time of composing on how the zero-working day is getting exploited, by whom and for what purpose.
Nonetheless, Google produced details of two other high-severity vulnerabilities observed by external scientists, which it fixed in the update.
Patrick Tiquet, VP of security & architecture at Keeper Security, described that CVE-2022-2294 could lead to arbitrary remote code execution simply just by checking out a destructive web page.
“This could allow an attacker to conduct a selection of actions on a goal system, these as set up malware or steal details. Web browsers are important programs that practically all cloud-based products and services have in prevalent and are hence higher-precedence targets – compromise of a web browser could be leveraged to compromise any cloud-primarily based service accessed by that browser,” he extra.
“Ensuring that web browsers are patched is a consumer or consumer corporation duty. Web browsers, if not maintained and patched, can be a weak hyperlink in the security of any cloud-dependent support. Consumer web browsers must be particularly regarding to cloud solutions in this circumstance because they are largely outside the house of the security controls of the cloud services company.”
This is the fourth Chrome zero-day bug that Google has been pressured to resolve so significantly this yr following updates in February, March and April.
Some sections of this report are sourced from: