• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
update google chrome browser to patch new zero day exploit detected

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

You are here: Home / General Cyber Security News / Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild
July 5, 2022

Google on Monday delivered security updates to address a high-severity zero-working day vulnerability in its Chrome web browser that it stated is currently being exploited in the wild.

The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC part that supplies real-time audio and movie communication capabilities in browsers with out the have to have to set up plugins or down load indigenous apps.

Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when information is overwritten in the heap place of the memory, top to arbitrary code execution or a denial-of-support (DoS) problem.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“Heap-primarily based overflows can be used to overwrite functionality pointers that may perhaps be dwelling in memory, pointing it to the attacker’s code,” MITRE explains. “When the consequence is arbitrary code execution, this can frequently be employed to subvert any other security company.”

Credited with finding and reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Menace Intelligence workforce. It truly is truly worth pointing out that the bug also impacts the Android model of Chrome.

As is typically the case with zero-day exploitation, particulars pertaining to the flaw as nicely as other specifics relevant to the marketing campaign have been withheld to protect against additional abuse in the wild and right until a sizeable chunk of consumers are up to date with a deal with.

CyberSecurity

CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the 12 months –

  • CVE-2022-0609 – Use-soon after-no cost in Animation
  • CVE-2022-1096 – Sort confusion in V8
  • CVE-2022-1364 – Sort confusion in V8

People are advised to update to edition 103..5060.114 for Windows, macOS, and Linux and 103..5060.71 for Android to mitigate possible threats. Customers of Chromium-based browsers this kind of as Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to utilize the fixes as and when they turn into available.

Uncovered this short article appealing? Comply with THN on Facebook, Twitter  and LinkedIn to go through far more distinctive information we put up.


Some parts of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News NATO to Develop Rapid Cyber Response Capabilities
Next Post: Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web researchers share techniques to uncover anonymized ransomware sites on dark»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.