The fourth zero-day hack has hit Chrome, and Google is urging users to upgrade their browsers. Here’s everything you need to know.
Google, in its post on the official Chrome blog, said the exploit (CVE-2022-2294) affects Windows and Android users, acknowledging that “Google is aware that the CVE-2022-2294 exploit is in the wild.” The company also confirmed two other high-profile security threats.
While Google is restricting information about vulnerabilities until users have the opportunity to upgrade, the company has provided the following details.
- High – CVE-2022-2294 [zero-day threat]: Buffer overflow in WebRTC. Reported by Jan Vojtesek of the Avast Threat Intelligence Team on 07-01-2022
- High – CVE-2022-2295: Type confusion in V8. Reported by avaue and Buff3tts at SSL on 06-16-2020
- High – CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zani on 05-19-2022
WebRTC (Web Real-Time Communications) is an open source project that enables real-time voice, text, and video communications capabilities between web browsers and devices. It was developed by Global IP Solutions (or GIPS), a Swedish company, in 1999 before GIPS was acquired by Google in 2011.
In response, Google released Chrome 103.0.5060.114 for Windows and 103.0.5060.71 for Android. While Android can update and restart Chrome automatically, Windows users should follow these steps:
- Click the three dots in the upper right corner of Chrome.
- Click Settings > Help > About Google Chrome.
- Wait for Chrome to find and install the update.
- When prompted, restart Chrome (this last step is very important).
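
The restart matters because Chrome stages an update on disk while the running process stays on the old build until it is relaunched. The following Python check is an added example, not part of the original article: it audits an inventory against the fixed builds named above, and its inventory format, host names and status labels are assumptions constructed for illustration.

```python
import csv
import io

# Fixed builds named in the article, keyed by platform.
FIXED = {"windows": (103, 0, 5060, 114), "android": (103, 0, 5060, 71)}

# Constructed sample inventory (hypothetical format): host, platform,
# version installed on disk, version of the running browser process.
SAMPLE = """host,platform,installed,running
ws-01,windows,103.0.5060.114,103.0.5060.114
ws-02,windows,103.0.5060.114,103.0.5060.66
ws-03,windows,102.0.5005.115,102.0.5005.115
ph-01,android,103.0.5060.71,103.0.5060.71
ws-04,windows,103.0.5060,103.0.5060
mac-01,macos,103.0.5060.53,103.0.5060.53
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if not a four-part Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, installed, running):
    """Compare numerically per component, so .66 sorts below .114."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "no-fixed-build-listed"   # the article names no build for it
    inst, run = parse_version(installed), parse_version(running)
    if inst is None or run is None:
        return "unparseable"             # never assume a bad record is patched
    if run >= fixed:
        return "patched"
    if inst >= fixed:
        return "restart-pending"         # updated on disk, old build running
    return "update-needed"

def audit(inventory_csv):
    """Map each host in the CSV inventory to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["installed"], r["running"])
            for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A host reported as restart-pending is still running the vulnerable build, which is why it is tracked separately from patched.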
Zero-day hacks are increasing across all major platforms. Google stressed that web browsers are no exception. If you’re using Chrome, there’s never been a more important time to stay diligent.