Google Patched One More Chrome Zero-Day Bug Under Attack

Another Chrome browser zero-day has surfaced online. Google has confirmed the latest Chrome zero-day bug to have caught the adversaries’ attention before a patch. So, as the latest release fixes the vulnerability, users must ensure updating their devices to prevent possible exploitations.

Google Chrome Zero-Day Under Attack

Google has recently rolled out another major update for its Chrome web browser. Once again, the tech giant has addressed a serious zero-day bug in the Chrome browser. But what makes it serious is that the firm detected active exploitation of the flaw in the wild.

According to its advisory, the bug in question, a heap buffer overflow, affected WebRTC component. This vulnerability, CVE-2022-2294, first caught the attention of a security researcher from Avast, who reported it to the firm on July 1, 2022.

Google has deemed it a high-severity vulnerability but has refrained from sharing further details from now. It’s a general practice with the firm to avoid publicly disclosing bug details to give ample time to the users for patching, and to avoid excessive exploitation.

In addition, Google has also patched three other vulnerabilities, two of which were reported by external researchers. These include CVE-2022-2295, a high-severity type confusion vulnerability affecting the V8 component. This bug first caught the attention of avaue and Buff3tts at S.S.L., who won a $7500 bounty for reporting it to Google.

Likewise, the other vulnerability CVE-2022-2296, grabbed Google’s attention following the bug report from security researcher Khalil Zhani. It was a use after free in Chrome OS Shell. Google deemed it a high-severity vulnerability, rewarding the researcher with a $3000 bug bounty.

Google has fixed these vulnerabilities with Chrome 103.0.5060.114 for Windows. Whereas it also rolled out the fixes for CVE-2022-2294 and CVE-2022-2295 with Chrome 103.0.5060.71 for Android. This updated Chrome for Android version will arrive on Google Play Store shortly.

Thus, it means that both desktop and mobile users running Chrome browsers on their devices must rush to update.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients