5 July 2022

Google patched 4th Chrome zero-day vulnerability this year



Google issued an emergency patch for a critical vulnerability in its Chrome browser that is already being exploited in the wild.

Using this bug (CVE-2022-2294), a remote attacker can execute arbitrary code on the target system and compromise it completely. The vulnerability exists due to a boundary error within the WebRTC implementation. The attacker can trick the victim into visiting a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

The bug affects both Android and Windows versions of Google’s browser. The issue was addressed in Chrome 103.0.5060.114 for Windows. For now, the update is available through the Stable Desktop channel, but according to the tech giant, the new version will be rolled out to all users in days or weeks.

Google also fixed the vulnerability in Chrome 103 (103.0.5060.71) for Android. The new version will become available on Google Play over the next few days.

As always, Google hasn’t shared any details about this zero-day except the fact that it is exploited by hackers. No information about the attacks is available either.

This is the fourth zero-day vulnerability in Chrome fixed by Google in 2022. Previously, the tech giant patched zero-day vulnerabilities CVE-2022-1364 (April 14th), CVE-2022-1096 (March 25th) and CVE-2022-0609 (February 14th).

According to a recent Google report, half of 2022's zero-days are variants of zero-day vulnerabilities patched last year.
