Google patches new Chrome zero-day flaw exploited in attacks

Captain Awesome

Captain Awesome

Level 27
Thread author
Verified
Top Poster
Well-known
Forum Veteran
May 7, 2016
1,681
11,669
2,569
India
Content source
https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-flaw-exploited-in-attacks/
Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.
"Google is aware that an exploit for CVE-2022-2294 exists in the wild.," the browser vendor explained in a security advisory published on Monday.
 
  • Like
Reactions: [correlate], Dave Russo, oldschool and 12 others
The culprit is CVE-2022-2294, and is a problem in WebRTC
Click to expand...
Google says the flaw is under active attack, but offers no insight into how one might detect it or defend against it other than by updating Chrome. Given the nature and purpose of WebRTC, it's probably best not to use browser-based comms tools until you can update.
Click to expand...
www.theregister.com

Google updates Chrome to squash WebRTC Zero Day

How sad – this looks like a fine excuse to avoid video conferences for a while
www.theregister.com www.theregister.com
 
  • Like
Reactions: [correlate], oldschool, plat and 8 others
The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.

The flaw tracked as CVE-2022-2294 is a high-severity heap-based buffer overflow in WebRTC, which, if successfully exploited, may lead to code execution on the target device.

When Google patched the zero-day on July 4th, it disclosed that the flaw was under active exploitation but provided no further details.

In a report published earlier today, Avast's threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.
Click to expand...

For more information
www.bleepingcomputer.com

Chrome zero-day used to infect journalists with Candiru spyware

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: upnorth, Nevi, SeriousHoax and 2 others
You must log in or register to reply here.

You may also like...