Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild.
The flaw is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component, it is the fourth zero-day patched by the IT giant in 2022.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild.,” reads the advisory published by Google.
Google hasn’t shared technical details of the attacks that exploited the vulnerability in the wild and have yet to attribute it to a particular threat actor.
The vulnerability was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” Google added.
The other Chrome zero-day vulnerabilities addressed by Google this year are:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Chrome)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.