A fourth zero-day hack has struck Chrome, and Google is urging users to upgrade their browsers. Here’s everything you need to know.

Posting on the official Chrome blog, Google said the exploit (CVE-2022-2294) affects Windows and Android users, admitting “Google is aware that an exploit for CVE-2022-2294 exists in the wild.” The company also confirmed two further High-level security threats.

While Google restricts information about vulnerabilities until users have had the chance to upgrade, the company has provided the following details.

  • High CVE-2022-2294 [Zero-Day threat]: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
  • High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
  • High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19

WebRTC (Web Real-Time Communications) is an open-source project that enables real-time voice, text and video communications capabilities between web browsers and devices. It was developed by Global IP Solutions (or GIPS), a Swedish company, in 1999 before Google acquired GIPS in 2011.

As for the other two, V8 is the JavaScript engine at the heart of Chrome, and this vulnerability also affects Windows and Android. CVE-2022-2296 impacts Windows only. Use After Free (UAF), a memory-safety flaw in which a program keeps using memory after it has been freed, is the most common route researchers have used to exploit the browser in recent years. Almost 100 UAF vulnerabilities have been found in Chrome in 2022 alone.

In response, Google has released Chrome 103.0.5060.114 for Windows and 103.0.5060.71 for Android. While Android can automatically update and restart Chrome itself, Windows users must follow these steps:

  1. Click the three dots in the top right corner of Chrome.
  2. Click Settings > Help > About Google Chrome.
  3. Wait for Chrome to find and install the update.
  4. When prompted, restart Chrome (this last step is critical).
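
For anyone checking more than one machine, the same version check can be scripted. The following is an added example, not from the original article or from Google: it compares versions against the fixed builds named above numerically rather than as strings, and flags devices where the update is installed but Chrome has not yet been restarted. The inventory, host names and status labels are constructed for illustration.

```python
from typing import Optional

# Fixed builds as stated in the article (Windows and Android only).
FIXED = {
    "windows": "103.0.5060.114",
    "android": "103.0.5060.71",
}

def parse(version: str) -> tuple:
    """Turn '103.0.5060.114' into (103, 0, 5060, 114) so parts compare as numbers."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {version!r}")
    return tuple(int(p) for p in parts)

def status(platform: str, installed: str, running: Optional[str] = None) -> str:
    """Classify one device. 'running' is the version of the live browser process,
    which stays on the old build until Chrome is restarted."""
    fixed = FIXED.get(platform.lower())
    if fixed is None:
        return "no-fixed-build-listed"
    try:
        inst = parse(installed)
        run = parse(running) if running else inst
    except ValueError:
        return "unparseable"
    if inst < parse(fixed):
        return "vulnerable"
    if run < parse(fixed):
        return "restart-pending"
    return "patched"

# Constructed inventory: (host, platform, installed version, running version).
INVENTORY = [
    ("ws-01", "windows", "103.0.5060.114", "103.0.5060.114"),
    ("ws-02", "windows", "103.0.5060.114", "103.0.5060.66"),  # updated, not restarted
    ("ws-03", "windows", "103.0.5060.66", "103.0.5060.66"),
    ("ws-04", "windows", "103.0.5060.71", "103.0.5060.71"),   # Android's fixed build number
    ("ph-01", "android", "103.0.5060.71", None),
    ("mac-01", "macos", "103.0.5060.114", None),
]

def audit(inventory=INVENTORY) -> dict:
    """Return {host: status} for every inventory row."""
    return {host: status(p, i, r) for host, p, i, r in inventory}

if __name__ == "__main__":
    for host, result in audit().items():
        print(f"{host}: {result}")
```

A plain string comparison would rank 103.0.5060.71 above 103.0.5060.114, which is why `ws-04` is only reported correctly when the version parts are compared as integers.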

Zero-Day hacks are increasing across all major platforms, and Google has stressed that web browsers are no exception. If you use Chrome, there has never been a more important time to stay diligent.

