Chrome’s Zero-Day exploit, the fourth this year, has just been confirmed by Google. It warns that hack attacks have been spotted in the wild with Android and Windows users in the crossfire.
On the Fourth of July, Google confirmed Chrome 103.0.5060.114 update for Windows It will start rolling out in the coming days and weeks. While Chrome will automatically update to this patched version, and the protections will be in place once you restart the app, there’s a very good reason not to wait this month. this is the reason CVE-2022-2294.
What is CVE-2022-2294?
This high-risk vulnerability, reported by a member of the Avast Threat Intelligence team, has been described as a buffer overflow in the RTC. Full details are withheld until such time as most Chrome users have a chance to update. The reason is that it has to be sooner, and in fact a lot closer, than this is the zero-day threat. It was only reported on July 1, and Google was quick to fix it while confirming it was “aware of an exploit of CVE-2022-2294 in the wild.”
Two other high-risk vulnerabilities that are fixed in this latest update have also been confirmed: CVE-2022-2295 (type confusion in V8) and CVE-2022-2296 (used for free in Chrome OS Shell).
Chrome for Android is also under active attack
At the same time, Android users are also advised to update as soon as possible for the same reason. CVE-2022-2294 also affects Android Chrome app and Google confirmed that attacks were detected in the wild. Chrome version number for Android protected is 103.0.5060.71, which will be available via Google Play
What Windows users need to do now to protect against this new threat to Google Chrome
Windows users are advised to install Chrome update as a matter of urgency. You can do this by heading to the help option | About in Chrome menu, force update check, download and install automatically as required. Remember that you will not be protected until you restart your browser.