Google fixes the fourth Chrome zero-day in 2022

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022.

Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild.

The flaw is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component, it is the fourth zero-day patched by the IT giant in 2022.

“Google is aware that an exploit for CVE-2022-2294 exists in the wild.,” reads the advisory published by Google.

Google hasn’t shared technical details of the attacks that exploited the vulnerability in the wild and has yet to attribute it to a certain threat actor.

The vulnerability was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” Google added.

The other Chrome zero-day vulnerabilities addressed by Google this year are:

  • CVE-2022-1364 (April 14) –  type confusion issue that resides in the V8 JavaScript engine
  • CVE-2022-1096 – (March 25) – type Confusion in V8 JavaScript engine
  • CVE-2022-0609 – (February 14) – use after free issue that resides in the Animation component.

recommended to install today’s Google Chrome update as soon as possible.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

The post Google fixes the fourth Chrome zero-day in 2022 appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source