Google’s web browser is the victim of a major security vulnerability actively exploited on Windows. Update it without delay.
Google Chrome’s zero-day flaws follow one another, but are not necessarily alike. The American giant has just urgently released a security update for its web browser. This is the fourth zero-day flaw unearthed in Chrome since the beginning of this year. In its blog post, Google indicates that this breach, which bears the reference CVE-2022-2294, would be actively exploited by hackers.
The update should already be available, and should install automatically in the next few days. However, it is strongly recommended to manually force its installation without further delay. To do this, go to the main menu of Chrome, then to Assistanceby going to About Google Chrome. The browser should then automatically download version 103.0.5060.114.
Few details of the attack
Google gives relatively few details on this new zero day flaw. the blog post published yesterday only tells us that it is a flaw, affecting the WebRTC component, discovered by Jan Vojtesek of the Avast security research team. According to Bleeping Computer, exploiting this major security flaw could cause the browser to crash to execute arbitrary code. It could also be used to bypass existing security solutions if this code is executed during the attack. Until the majority of users use an updated version of Chrome, Google prefers to restrict access to the details of this flaw. In addition to patching this zero-day flaw, this new Chrome update fixes three other security flaws with a high level of importance.
This is the fourth time this year that Google Chrome has been hit by a zero-day flaw. Last February, the Mountain View firm had already had to close a breach in the “animation” module of its browser. In March, a bug in the Javascript engine, actively exploited by pirates, was corrected. Finally, in mid-April, Google still had to urgently offer a security update for its browser to correct a new zero-day flaw which again affected the browser’s javascript engine.
Source :
Bleeping Computer