Google patches new Chrome zero-day flaw exploited in attacks

Captain Awesome

Captain Awesome

Level 24
Thread author
Verified
Top Poster
Well-known
May 7, 2016
1,305
Content source
https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-flaw-exploited-in-attacks/
Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.
"Google is aware that an exploit for CVE-2022-2294 exists in the wild.," the browser vendor explained in a security advisory published on Monday.
 
  • Like
Reactions: [correlate], Dave Russo, oldschool and 12 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
The culprit is CVE-2022-2294, and is a problem in WebRTC
Click to expand...
Google says the flaw is under active attack, but offers no insight into how one might detect it or defend against it other than by updating Chrome. Given the nature and purpose of WebRTC, it's probably best not to use browser-based comms tools until you can update.
Click to expand...
www.theregister.com

Google updates Chrome to squash WebRTC Zero Day

How sad – this looks like a fine excuse to avoid video conferences for a while
www.theregister.com www.theregister.com
 
  • Like
Reactions: [correlate], oldschool, plat and 8 others
CyberTech

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.

The flaw tracked as CVE-2022-2294 is a high-severity heap-based buffer overflow in WebRTC, which, if successfully exploited, may lead to code execution on the target device.

When Google patched the zero-day on July 4th, it disclosed that the flaw was under active exploitation but provided no further details.

In a report published earlier today, Avast's threat researchers, who discovered the vulnerability and reported it to Google, reveal that they unearthed it after investigating spyware attacks on their clients.
Click to expand...

For more information
www.bleepingcomputer.com

Chrome zero-day used to infect journalists with Candiru spyware

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: upnorth, Nevi, SeriousHoax and 2 others
You must log in or register to reply here.

Similar threads

lokamoka820
    • Like
    • +Reputation
Security News Google Patches Another Zero-Day Vulnerability in Chrome
Replies
6
Views
1,870
Security News
lokamoka820
lokamoka820
vtqhtr413
    • Like
Security News Google Chrome emergency update fixes 6th zero-day exploited in 2024
Replies
0
Views
2,034
Security News
vtqhtr413
vtqhtr413
vtqhtr413
    • Like
    • Applause
    • +Reputation
Google fixes fifth Chrome zero-day exploited in attacks this year
Replies
0
Views
527
Chrome & Chromium
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top