Google Chrome users are being asked to update their browser immediately to avoid attacks.
Google Chrome Users Asked To Update Browser Immediately
A zero-day vulnerability in Chrome is currently being actively exploited in the wild. Google has released an update for the Windows version of the Chrome web browser to fix it.
BleepingComputer reports that the high-severity bug, tracked as CVE-2022-2294, has been patched in the latest build of Chrome (103.0.5060.114). Google Chrome normally updates automatically as soon as a user opens it.
This means there is a good chance that many installations have already been patched. Google, however, has said that it may take a couple of weeks for the patch to find its way to the remainder.
The Extent of the Vulnerability and Its Exploits
Google, in the meantime, is not sharing much about the vulnerability and its exploit, so as not to give cyber criminals any leads or ideas. For now, we will have to wait a little longer to learn about the malware that is being used in exploiting the flaw.
‘Access to bug details and links may be kept restricted until a majority of users are updated with a fix,’ Google said in a release. ‘We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.’
We do know, however, that the flaw is a high-severity heap-based buffer overflow weakness in the WebRTC (Web Real-Time Communications) component, and that it was discovered by Jan Vojtesek of Avast.
This Is Not the First Zero-Day Bug to Be Fixed By Google This Year
Threat actors who successfully exploit this bug can crash running programs and run arbitrary code on affected endpoints. This is not the first zero-day bug that Google has fixed this year. It is, in fact, the fourth, following CVE-2022-0609, which was patched in February, CVE-2022-1096, which was patched in March, and CVE-2022-1364, which was patched in April.
Researchers at the time said that the first bug of the bunch was leveraged by North Korean state-sponsored actors. Chrome administrators are now being tasked with keeping a watchful eye on the browser and making sure the patch is installed in the event that the browser does not install it automatically.