Google Chrome 0-Day Vulnerability Exploited in the Wild

July 5, 2022

Google has released an emergency update for Chrome that addresses an actively exploited zero-day vulnerability.

The updated version is 103.0.5060.114 for Windows, Mac, and Linux.

The Vulnerability

  • CVE-2022-2294, High Severity – heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component.
    Successful heap overflow exploitation can lead to remote code execution or a denial-of-service (DoS).

Affected Products

  • Chrome for Desktop prior to version 103.0.5060.114.
  • Because the vulnerability affects all unpatched Chromium-based browsers, other Chromium-based browsers such as Opera, Firefox, and Edge should be monitored for new updates.

Mitigation

CYREBRO recommends updating browsers to the latest Chrome version, 103.0.5060.114 for Windows, Mac, and Linux.
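One way to triage a browser inventory against the fixed build, as an added example that is not part of the original advisory. The host names and inventory rows are constructed; versions are compared numerically because a plain string comparison would rank 103.0.5060.53 above 103.0.5060.114, and non-Chrome browsers are only flagged for a vendor check because the advisory gives no fixed versions for them.

```python
import re

# Patched Chrome desktop build named in this advisory.
FIXED = (103, 0, 5060, 114)

# Constructed sample inventory: (host, product, reported version string).
SAMPLE_INVENTORY = [
    ("ws-001", "chrome", "Google Chrome 103.0.5060.53"),
    ("ws-002", "chrome", "Google Chrome 103.0.5060.114"),
    ("ws-003", "chrome", "102.0.5005.115"),
    ("ws-004", "chrome", "Google Chrome 104.0.5112.20 beta"),
    ("ws-005", "edge", "Microsoft Edge 103.0.1264.44"),
    ("ws-006", "chrome", "unknown"),
]

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(product, version_text):
    """Classify one inventory row against the advisory's fixed Chrome build."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"        # no usable version reported: needs a manual look
    if product != "chrome":
        return "check-vendor"   # fixed version for this browser is not in the advisory
    # Tuple comparison is numeric per component, so 53 < 114 as intended.
    return "patched" if version >= FIXED else "vulnerable"


def triage(inventory):
    """Map each host to its status."""
    return {host: classify(product, text) for host, product, text in inventory}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```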

References: Google Advisory