Google Chrome Users are told to Update Immediately or Risk an Attack. Google has now pushed out an update for the Windows version of its Chrome web browser to fix a zero-day vulnerability being actively exploited in the wild.
The high-severity bug, tracked as CVE-2022-2294, has been patched in the latest Chrome build, BleepingComputer reports.
Google Chrome usually updates automatically as soon as the user opens the browser, so there is a good chance that many installations have already been patched. However, Google says it might take a number of weeks for the patch to make its way to the remainder.
Short on Details
At the moment, Google is withholding details on the vulnerability and its exploit, so as not to give cybercriminals any ideas. We will have to wait a while longer to learn about the malware being used to leverage the flaw.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We would also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but have not yet fixed it.”
We do know the flaw is a high-severity buffer overflow weakness in the WebRTC (Web Real-Time Communications) component, discovered by Avast’s Jan Vojtesek.
Threat actors who manage to successfully exploit this bug can crash programs and run arbitrary code on affected endpoints.
Google Update Fix
This is hardly the first zero-day bug that Google has fixed this year. As a matter of fact, this is the fourth, following CVE-2022-0609 (patched in February), CVE-2022-1096 (patched in March), and CVE-2022-1364 (patched in April).
The first of the bunch was leveraged by North Korean state-sponsored actors, researchers said at the time.
Administrators are now advised to keep an eye on Chrome and to make sure the patch is installed, should the browser not do so automatically.