Google Chrome users told to update immediately or risk attack
A zero-day vulnerability in Chrome is being actively exploited
Google has pushed out an update for the Windows version of its Chrome web browser to fix a zero-day vulnerability being actively exploited in the wild.
The high-severity bug, tracked as CVE-2022-2294, has been patched with the latest Chrome build (103.0.5060.114), BleepingComputer reports.
Google Chrome is usually updated automatically, as soon as the browser is opened by the user, so there is a good chance many installations have already been patched. However, Google says it may take a number of weeks for the patch to make its way to the remainder.
Short on details
In the meantime, Google is withholding details on the vulnerability and its exploit, so as not to give cybercriminals any ideas. We will have to wait a little longer to learn about the malware being used to leverage the flaw.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
We do know the flaw is a high-severity heap-based buffer overflow weakness, discovered by Avast’s Jan Vojtesek, in the WebRTC (Web Real-Time Communications) component.
Threat actors that manage to successfully exploit this bug can crash programs and run arbitrary code on affected endpoints.
This is hardly the first zero-day bug Google has fixed this year. In fact, this is the fourth, following CVE-2022-0609 (patched in February), CVE-2022-1096 (patched in March), and CVE-2022-1364 (patched in April).
The first of the bunch was leveraged by North Korean state-sponsored actors, researchers said at the time.
Administrators are advised to keep an eye on Chrome, and to make sure to install the patch, should the browser not do so automatically.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.