Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.
The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.
Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the heap area of the memory, leading to arbitrary code execution or a denial-of-service (DoS) condition.
“Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code,” MITRE explains. “When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”
Credited with discovering and reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also impacts the Android version of Chrome.
As is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.
CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year –
Users are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
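To check a fleet against the fixed builds named above, the following added example (not from Google or the original article) audits an inventory export. The CSV layout, host names and status labels are assumptions; other Chromium-based browsers are flagged for manual review because they use their own build numbers.

```python
# Fixed Chrome builds named in the article, keyed by platform.
PATCHED = {
    "windows": (103, 0, 5060, 114),
    "macos": (103, 0, 5060, 114),
    "linux": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(browser, platform, version):
    """Return 'patched', 'needs_update' or 'review' for one inventory row."""
    if browser.lower() != "chrome":
        # Edge, Brave, Opera and Vivaldi number their releases differently,
        # so the Chrome thresholds cannot be applied to them.
        return "review"
    floor = PATCHED.get(platform.lower())
    parsed = parse_version(version)
    if floor is None or parsed is None:
        return "review"  # unknown platform or unparseable version
    return "patched" if parsed >= floor else "needs_update"

def audit(rows):
    """rows: iterable of 'host,browser,platform,version' lines (assumed layout)."""
    report = {}
    for line in rows:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            continue  # skip malformed lines
        host, browser, platform, version = fields
        report[host] = classify(browser, platform, version)
    return report

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01,Chrome,Windows,103.0.5060.114",
    "ws-02,Chrome,Linux,103.0.5060.66",
    "ph-01,Chrome,Android,103.0.5060.71",
    "ph-02,Chrome,Android,103.0.5060.70",
    "ws-03,Edge,Windows,103.0.1264.44",
    "ws-04,Chrome,macOS,unknown",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```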