Google Chrome users told to update immediately or risk attack

Google has pushed out an update for the Windows version of its Chrome web browser to fix a zero-day vulnerability being actively exploited in the wild.

The high-severity bug, tracked as CVE-2022-2294, has been patched with the latest Chrome build (103.0.5060.114), BleepingComputer reports.

Google Chrome is usually updated automatically, as soon as the browser is opened by the user, so there is a good chance many installations have already been patched. However, Google says it may take a number of weeks for the patch to make its way to the remainder.

Short on details

In the meantime, Google is withholding details on the vulnerability and its exploit, so as not to give cybercriminals any ideas. We will have to wait a little longer to learn about the malware being used to leverage the flaw.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."

We do know the flaw is a high-severity heap-based buffer overflow weakness, discovered by Avast’s Jan Vojtesek, in the WebRTC (Web Real-Time Communications) component.

Threat actors that manage to successfully exploit this bug can crash programs and run arbitrary code on affected endpoints. 

This is hardly the first zero-day bug Google has fixed this year. In fact, this is the fourth, following CVE-2022-0609 (patched in February), CVE-2022-1096 (patched in March), and CVE-2022-1364 (patched in April).

The first of the bunch was leveraged by North Korean state-sponsored actors, researchers said at the time.

Administrators are advised to keep an eye on Chrome, and to make sure to install the patch, should the browser not do so automatically.

Via BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/nmbfgK4
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us