Google has released an emergency update, Chrome 103.0.5060.114, for Windows users to fix a high-severity zero-day vulnerability that has been exploited by hackers. It is the fourth zero-day bug Google has fixed in 2022. In a security advisory released Monday, Google wrote: “The vulnerability numbered CVE-2022-2294 has been shown to be exploited by hackers.”
Google is currently rolling out the Chrome 103.0.5060.114 emergency update to users worldwide. It becomes available immediately when users check for the new update via Chrome Menu > Help > About Google Chrome.
The zero-day vulnerability fixed today (tracked as CVE-2022-2294) is a heap-based buffer overflow in the WebRTC (Web Real-Time Communication) component, reported by Jan Vojtesek of the Avast Threat Intelligence Team on Friday, July 1. The impact of a successful heap overflow ranges from program crashes to arbitrary code execution, and security solutions can be bypassed if code execution is achieved during the attack.
While Google says the zero-day vulnerability has been exploited by hackers, the company has not shared technical details or any information about the incidents. “Access to vulnerability details and links may remain limited until most users are updated with a fix,” Google said. “If the bug exists in a third-party library that other projects also rely on, but hasn’t been fixed, we’ll also keep it limited.”