Google has issued an unscheduled update to its Chrome browser to handle a zero-day WebRTC flaw that is being actively exploited.
The culprit is CVE-2022-2294, a problem in WebRTC, the code that gives browsers real-time communications capabilities.
Details of the flaw, bug number 1341043, are not currently available in the Chromium project bug log, and details of the CVE had not been released at the time of writing. But Google's notification of a new browser version describes it as: "Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01."
The fix is installing Chrome 103.0.5060.114 for Windows and Chrome 103.0.5060.71 for Android, both of which will appear soon.
Google says the flaw is under active attack, but offers no insight into how one could detect it or defend against it other than by updating Chrome. Given the nature and purpose of WebRTC, it is probably best not to use browser-based comms tools until you can update.
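Since updating is the only mitigation on offer, the practical check is whether the installed build is at or above the fixed release. The script below is an added example, not Google's or The Register's code: it parses a Chrome `--version` string and compares it against the patched builds named above, assuming (hypothetically) that Linux and macOS desktop builds share the Windows threshold and that the browser binary goes by one of the listed command names.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Builds named in Google's 4 July notification as carrying the CVE-2022-2294 fix.
# Desktop and Android are versioned on separate tracks, so each gets its own threshold.
PATCHED_DESKTOP = "103.0.5060.114"
PATCHED_ANDROID = "103.0.5060.71"


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a four-part dotted version from text such as 'Google Chrome 103.0.5060.114'."""
    match = re.search(r"\b(\d+(?:\.\d+){3})\b", text)
    return tuple(int(part) for part in match.group(1).split(".")) if match else None


def is_patched(version_text: str, android: bool = False) -> Optional[bool]:
    """True if the build is at or above the fixed release on its track,
    False if it is older, None if no version could be parsed at all."""
    have = parse_version(version_text)
    if have is None:
        return None
    want = parse_version(PATCHED_ANDROID if android else PATCHED_DESKTOP)
    # Tuple comparison is numeric per component, so 103.0.5060.114 > 103.0.5060.71.
    return have >= want


def installed_chrome_version() -> Optional[str]:
    """Ask a locally installed desktop Chrome/Chromium for its version string (assumed command names)."""
    for exe in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(exe)
        if path:
            result = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=10)
            return result.stdout.strip()
    return None


if __name__ == "__main__":
    reported = installed_chrome_version()
    if reported is None:
        print("no Chrome/Chromium binary found on PATH")
    else:
        verdict = {True: "patched", False: "VULNERABLE: update now", None: "version unparseable"}
        print(f"{reported}: {verdict[is_patched(reported)]}")
```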
The Chrome updates also address other flaws, specifically:
- CVE-2022-2296, a use-after-free error in Chrome OS Shell
All three flaws are rated High severity.
The release of new Chrome builds is the fourth time in 2022 that Google has needed to issue emergency fixes. Luckily, Chrome updates itself with little user intervention required, so the software's many tens of millions of users should be protected from these latest problems in short order. Whether they're safe in the long run is another matter.
The WebRTC flaw was reported on July 1 and Google's notification of updated Chrome builds to fix it is dated July 4, suggesting people on the Chrome team lost a weekend preparing the fix and did so with decent speed. But bad actors can make a lot of mischief in three days … ®