In many cases, security vulnerabilities appear that affect the programs that we use on a day-to-day basis. A clear example is the browser. It may have vulnerabilities and that can allow a hacker to break in and steal passwords or personal information. That is what is happening now with Google Chrome and you should update it as soon as possible to fix a zero-day bug.
Google has released security updates to address a Zero-Day in its Chrome web browser that it said is being exploited in the wild.
The vulnerability, identified as CVE-2022-2294, relates to a buffer overflow component WebRTC that provides real-time video and audio communication capabilities in browsers, without the need to install plugins or download native applications.
Heap buffer overflows, also called heap overflow or heap destruction, occur when data is overwritten in the heap area of memory, causing arbitrary code execution or a DoS attack.
“These types of overflows can be used to overwrite pointers to functions that may be in memory, pointing them to the attacker’s code, ” explains the expert. “When the consequence is arbitrary code execution, this can often be used to subvert any other security service”.
The vulnerability was reported by Jan Vojtesek of the Avast Threat Intelligence team on July 1, 2022. It’s worth noting that the bug also affects the Android version of Chrome.
As is often the case with zero-day exploits, details related to the vulnerability and other specific details related to the campaign have been withheld to prevent further abuse in the wild and until a significant portion of users are updated with a fix. .
CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the beginning of the year:
- CVE-2022-0609
- CVE-2022-1096
- CVE-2022 -1364
Users are advised to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply fixes as they become available.
The disclosure follows shortly after a report by Google Project Zero, which noted that a total of 18 security vulnerabilities have been exploited as unpatched Zero-Day so far this year.
How to fix these bugs
If you want to fix these Google Chrome zero-day vulnerabilities, the best way is to update your browser. It is a simple process that you can do at any time. To do this you have to go to the menu on the top right (the three points), go to Help and click on Google Chrome Information.
There, it will automatically show you which version you have installed. Remember that you must have version 103.0.5060.114 to be able to correct these errors. If you had any previous one, the browser itself will start the update process. This will only last a few seconds and you will quickly see the blue signal indicating that you have it updated. You should see something like the following image.
Cyber Security Specialist with 18+ years of industry experience . Worked on the projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping world update on the happening in Cyber Security Area.