Google patches new Chrome zero-day flaw exploited in attacks

Captain Awesome

Level 23
Thread author
Verified
Top Poster
Well-known
May 7, 2016
1,292
Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.
"Google is aware that an exploit for CVE-2022-2294 exists in the wild.," the browser vendor explained in a security advisory published on Monday.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
The culprit is CVE-2022-2294, and is a problem in WebRTC
Google says the flaw is under active attack, but offers no insight into how one might detect it or defend against it other than by updating Chrome. Given the nature and purpose of WebRTC, it's probably best not to use browser-based comms tools until you can update.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.

The flaw tracked as CVE-2022-2294 is a high-severity heap-based buffer overflow in WebRTC, which, if successfully exploited, may lead to code execution on the target device.

When Google patched the zero-day on July 4th, it disclosed that the flaw was under active exploitation but provided no further details.

In a report published earlier today, Avast's threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.

For more information
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top