Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.
The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.
Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the heap area of the memory, leading to arbitrary code execution or a denial-of-service (DoS) condition.
“Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code,” MITRE explains. “When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”
Credited with finding and reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also impacts the Android version of Chrome.
As is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.
CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year:
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
Users are advised to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also recommended to apply the fixes as and when they become available.
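To act on the update advice across a fleet, the following added example (not part of the original article) checks reported Chrome builds against the fixed versions named above. The inventory rows, host names and status labels are constructed for illustration; other Chromium-based browsers use their own version numbers and are reported as "unknown".

```python
# Added example: flag Chrome installs below the fixed builds for CVE-2022-2294.
# Fixed builds are the ones named in the article; everything else is constructed.
FIXED = {
    "windows": (103, 0, 5060, 114),
    "macos": (103, 0, 5060, 114),
    "linux": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}


def parse_version(text):
    """Return a 4-tuple of ints, or None if not a four-part Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Compare numerically: as strings, '...5060.66' sorts above '...5060.114'."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unsupported platform/browser or malformed version
    return "up-to-date" if version >= fixed else "needs-update"


# Constructed sample inventory: (host, platform, reported Chrome version)
INVENTORY = [
    ("ws-001", "Windows", "103.0.5060.114"),
    ("ws-002", "Windows", "103.0.5060.66"),
    ("mac-07", "macOS", "102.0.5005.115"),
    ("lnx-03", "Linux", "104.0.5112.20"),
    ("mob-11", "Android", "103.0.5060.70"),
    ("mob-12", "Android", "103.0.5060.71"),
    ("ws-009", "Windows", "103.0.5060"),  # truncated report
]


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
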