"Emergency Chrome 103 Update Patches Actively Exploited Vulnerability"

Google recently announced the release of an emergency chrome update that patches an actively exploited zero-day vulnerability.  The flaw tracked as CVE-2022-2294 has been described as a heap buffer overflow in WebRTC.  An Avast Threat Intelligence team member reported the security hole to Google on July 1.  The zero-day has been patched with the release of Chrome 103.0.5060.114 for Windows.  Google has not released information about the attacks exploiting CVE-2022-2294.  This is the fourth actively exploited Chrome vulnerability that Google has patched this year.  In addition to CVE-2022-2294, the latest Chrome update patches two other high-severity issues: CVE-2022-2295, a type confusion in the V8 engine, and CVE-2022-2296, a use-after-free in the Chrome OS Shell component.

 

SecurityWeek reports: "Emergency Chrome 103 Update Patches Actively Exploited Vulnerability"

Submitted by Anonymous on