Google has released an update for the Windows version of its Chrome web browser to fix a zero-day vulnerability.
Google Chrome 103 entered the Stable channel a few weeks ago with a number of new features, including a pre-processing mechanism for faster page loads and the ability to access native fonts of web apps. Now Google has released another update for its browser to fix several security issues, including a zero-day vulnerability.
The high severity bug, tracked as CVE-2022-2294, has been patched with the latest Chrome build (103.0.5060.114), BleepingComputer reports.
Google Chrome is usually updated automatically as soon as the browser is opened by the user, so it’s likely that many installations have been patched. However, Google says it could take a few weeks for the patch to reach the rest.
In the meantime, Google is withholding details about the vulnerability and its exploitation to avoid giving cybercriminals any insight. We will have to wait a little longer to learn about the malware used to exploit the flaw.
“Access to bug details and links may be restricted until the majority of users are updated with a fix,” Google said in a statement. “We will also maintain restrictions if there is a bug in a third-party library that other projects similarly depend on but have not yet fixed.”
The flaw is known to be a high-severity stack-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communication) component, discovered by Jan Vojtesek of Avast.
Threat actors who successfully exploit this flaw can lock programs and execute arbitrary code on affected endpoints.
This is not the first zero-day bug Google has fixed this year. In fact, it is the fourth, following CVE-2022-0609 (patched in February), CVE-2022-1096 (patched in March) and CVE-2022-1364 (patched in April).