The fourth Chrome zero-day bug was addressed in 2022. Google has made Chrome 103.0.5060.114 available for Windows users in order to fix a high-severity zero-day issue that has been actively used by hackers.
The maker of the browser acknowledged the existence of a CVE-2022-2294 issue in the wild in a security bulletin released on Monday.
In the Stable Desktop channel, the 103.0.5060.114 update is currently rolling out to all users globally. According to Google, it will take a few days or in fact a few weeks to reach every user.
When BleepingComputer tested for the latest update by heading to the Chrome menu > Help > About Google Chrome, this update was already available.
After the following launch, the web browser would immediately check for the latest updates and install them.
Attack specifics remain unknown
The rising severity heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component is the zero-day problem that was fixed today (marked as CVE-2022-2294), which was discovered by Jan Vojtesek of the Avast Threat Intelligence team on Friday, July 1.
If heap overflowing exploitation is successfully accomplished, the effects can include everything from software crashes and unfettered code execution to evading security measures.
Despite the fact that Google claims that this zero-day vulnerability was used in the wild, the corporation has not yet provided any technical information or other information regarding these occurrences.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said.
“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
Since Google is delaying the publication of additional information about the threats, Chrome users must have adequate time to update and prevent exploitation methods until Google does.
