Security risk is a major concern in IT, and vendors deal with it by shipping updates that protect users' data and information. Google recently released an update to address a zero-day exploit in its Chrome web browser. The company says that older versions of Chrome have been exploited in the wild and has asked people to update the browser to protect against the zero-day exploit.
The problem is a heap overflow flaw in the WebRTC component, tracked as CVE-2022-2294. WebRTC provides real-time audio and video communication capabilities in browsers, with no need to install plugins or download native apps.
The problem was detected on July 1, 2022, by Jan Vojtesek of the Avast Threat Intelligence team.
MITRE explains the technicalities of this kind of flaw in simpler terms:
“Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code. When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”
Heap buffer overflows are also known as heap smashing or heap overrun. They occur when a program writes past the end of a buffer and overwrites data in the heap area of memory. The result can be a denial-of-service (DoS) condition or, as MITRE explains above, code execution. It is also worth mentioning that the bug affects the Android version of Google Chrome as well.
This is not the first zero-day vulnerability to hit Chrome this year. Before CVE-2022-2294, three other bugs appeared and were fixed by the company:
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
To address CVE-2022-2294, users are advised to update to version 103.0.5060.114 on Windows, Linux, and macOS. Android users should update to version 103.0.5060.71. Users of Brave, Opera, Vivaldi, and Microsoft Edge are also advised to apply the fixes as soon as those vendors make them available.
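The version guidance above can be checked across a fleet with a short script. The following is an added example, not code from Google or from the original article: the inventory rows and status labels are constructed, and the desktop fix is written with the 5060 build number that the Android version also carries.

```python
# Fixed Chrome builds per platform, taken from the article. The desktop value
# is written with the 5060 build number (an assumption, see the lead-in).
FIXED_CHROME = {
    "windows": "103.0.5060.114",
    "linux": "103.0.5060.114",
    "macos": "103.0.5060.114",
    "android": "103.0.5060.71",
}


def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(browser, platform, version):
    """Classify one installed browser against the CVE-2022-2294 fix."""
    if browser.lower() != "chrome":
        # The article gives no fixed versions for other Chromium-based browsers.
        return "check-vendor"
    fixed = FIXED_CHROME.get(platform.lower())
    if fixed is None:
        return "unknown-platform"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unparseable"
    # Compare numerically: as strings, "103.0.5060.99" sorts above "103.0.5060.114".
    return "patched" if installed >= parse_version(fixed) else "vulnerable"


# Constructed sample inventory (host, browser, platform, reported version).
INVENTORY = [
    ("ws-01", "Chrome", "windows", "103.0.5060.114"),
    ("ws-02", "Chrome", "linux", "103.0.5060.99"),
    ("ph-01", "Chrome", "android", "103.0.5060.70"),
    ("ws-03", "Edge", "windows", "103.0.1264.44"),
    ("ws-04", "Chrome", "macos", "103.0.5060"),
]


def needs_attention(inventory):
    """Return (host, status) for every entry that is not confirmed patched."""
    results = [(host, assess(b, p, v)) for host, b, p, v in inventory]
    return [(host, status) for host, status in results if status != "patched"]


if __name__ == "__main__":
    for host, status in needs_attention(INVENTORY):
        print(f"{host}: {status}")
```

Entries reported as `check-vendor` or `unparseable` need a manual look rather than being counted as safe.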