December 5, 2023

The fourth zero-day hack hit Chrome, and Google is urging users to upgrade their browsers. Here’s everything you need to know.

Google, in its post on the official Chrome blog, said the exploit (CVE-2022-2294) affects Windows and Android users, acknowledging that “Google is aware that the CVE-2022-2294 exploit is in the wild.” The company also confirmed two other high-profile security threats.

While Google is restricting information about vulnerabilities until users have the opportunity to upgrade, the company has provided the following details.

  • high CVE-2022-2294 [Zero-Day threat]: WebRTC buffer overflow. Reported by Jan Vojtesek of Avast Threat Intelligence Team on 07-01-2022
  • high CVE-2022-2295: Type confusion in v8. Reported by avaue and Buff3tts in SSL on 06-16-2020
  • high CVE-2022-2296: Use it for free in Chrome OS Shell. Narrated by Khalil Zani on 05-19-2022

WebRTC (Web Real-Time Communications) is an open source project that enables real-time voice, text, and video communications capabilities between web browsers and devices. It was developed by Global IP Solutions (or GIPS), a Swedish company, in 1999 before GIPS was acquired by Google in 2011.

For the other two, V8 is the Chrome component responsible for processing JavaScript, the engine at the heart of Chrome, and this vulnerability also affects Windows and Android. CVE-2022-2296 affects Windows only, and use after Free (a memory exploit) is the most common path researchers have used to exploit the browser in recent years. Nearly 100 UAF vulnerabilities were found in Chrome in 2022 alone.

In response, Google released Chrome 103.0.5060.114 for Windows and 103.0.5060.71) for Android. While Android can update and restart Chrome itself automatically, Windows users should follow these steps:

  1. Click the three dots in the upper right corner of Chrome.
  2. click Settings > Help > About Google Chrome.
  3. Wait for Chrome to find and install the update.
  4. When prompted, restart Chrome (this is the last step very important).

Zero-day hacks are increasing across All major platformsGoogle stressed that web browsers are no exception. If you’re using Chrome, there’s never been a more important time to stay diligent.


Follow Gordon on Facebook

More about Forbes

More from ForbesHow to update google chrome

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *