Microsoft Edge gets emergency patch for severe zero-day vulnerability

A recently discovered zero-day is being exploited in the wild

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A few days afterGooglepatched a high-severity bug that was being exploited in the wild,Microsofthas done the same for Edge.

Tracked as CVE-2022-2294, the flaw is present in the Chromiumbrowserengine, which means both Chrome and Edge are affected.

Other than revealing the zero-day is being exploited in the wild, Google has kept the details to itself. This is most likely to give users enough time topatchtheir endpoints, and to avoid supplying threat actors with ammunition for further attacks.

Known zero-day

Known zero-day

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

We do know the flaw is a high-severity heap-based buffer overflow weakness, discovered by Avast’s Jan Vojtesek, in the WebRTC (Web Real-Time Communications) component.

Google Chrome users told to update immediately or risk attack>Microsoft patches active zero-day Chromium flaw in Edge>Best privacy tools and anonymous browsers in 2022

In the same vein, Microsoft has decided to stay tight-lipped as well. “This update contains a fix for CVE-2022-2294, which has been reported by the Chromium team as having an exploit in the wild,” the company said in the patch log.

The Edge build that plugged the hole is 103.0.1264.48, and users are advised to update immediately, in case the browser doesn’t do so automatically.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To make sure you are running the latest version of the browser, open up the menu and navigate to Help and Feedback > About Microsoft Edge.

ViaNeowin

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

7 myths about email security everyone should stop believing

Best Usenet client of 2024

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics