Stop what you’re doing and go update Chrome right now. The latest version of the browser indeed contains a patch for a very serious security flaw that has already been exploited.
Chrome users on Windows, macOS and Linux must imperatively update the browser to its latest version numbered 103.0.5060.114. Those using it on Android have received an update to 103.0.5060.71. Internet users equipped with a Chromium browser (Edge, Brave, Opera, Vivaldi) are also strongly encouraged to update it.
Flaw already exploited
In question, a “zero day” security flaw, ie which has already been exploited by hackers. The vulnerability referenced as CVE-2022-2294 was discovered by Avast security researcher Jan Vojtesek, who reported it to Google on July 1 this year. The fix didn’t take long to develop, but the danger was very serious.
In detail, the flaw affects the webRTC component which provides Chrome with real-time audio and video playback capabilities without going through a plug-in or downloading an additional application. It allows a heap overflow attack, which leads to the execution of arbitrary code and sets up the conditions for a denial of service.
As always with regard to a “zero day” flaw, the information shared with the general public is deliberately not very detailed. This is to avoid putting hackers in the way of its exploitation. For Chrome, this is the fourth such vulnerability fixed since the beginning of the year.
Users of Chrome or Chromium-based browsers should enable automatic download and installation of updates in the software preferences.
Bitdefender Plus Antivirus