Google released Chrome 103.0.5060.114 for Windows to counter a high-severity zero-day vulnerability exploited by attackers in the wild. It is the fourth Chrome zero-day exploited in 2022 and can be patched as needed with the latest download by Windows users of Chrome 103.0.5060.114. Google wrote in their statement that they are aware of an exploit in the wild that affects CVE-2022-2294.
The 103.0.5060.114 version of Chrome is rolling out around the world, and Google expects that most people will have it within a few weeks at most. When the browser checked for new updates, the Chrome browser automatically alerted us with a message about the update. Web browsers can download new updates and automatically install them at the next launch.
The impact of a successful heap overflow exploit can range from crashing the program to executing arbitrary code and bypassing security if the attack is successful. Google says the zero-day vulnerability was exploited in the wild but did not share any information about these incidents. Google's quoting statement: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix."
If a bug is present in another project but does not affect the users of that project, we will still retain it. Chrome users should be able to protect themselves by updating before new information is released. Google has not revealed when more information will be made available.
The three previous zero-day exploits that were found and patched in 2022 were:
Google found that CVE-2022-0609 had been exploited by North Korean-backed state hackers and was being used months before the research for a patch. The earliest signs of exploitation were on January 4, 2022.
Recently, two North Korean-sponsored threat groups have abused the exploit kit, serving malicious code to their targets by phishing with fake job lures and compromised websites. We strongly recommend installing the update today, as it will protect you from known attacks. While Chrome's new zero-day capabilities are powerful, they also have some drawbacks.
One of these is that Chrome requires vulnerability in the website or application to exploit it.
Another drawback is that Chrome's new exploit techniques are not well known. This means that it is difficult for website owners to detect and fix the vulnerability.
Finally, Chrome's new exploit techniques are limited to websites and applications that allow user input. They cannot be used to attack websites that are not vulnerable to user input vulnerabilities.
These drawbacks are important to consider when using Chrome's new zero-day capabilities. By understanding their advantages and drawbacks, you can make informed decisions about how to use them.
The 103.0.5060.114 version of Chrome is rolling out around the world, and Google expects that most people will have it within a few weeks at most. When the browser checked for new updates, the Chrome browser automatically alerted us with a message about the update. Web browsers can download new updates and automatically install them at the next launch.
Google Patches New Chrome Malware Flaw Exploited in Attacks
The high severity CVE-2022-2294 bug was fixed today. It is a weakness in the WebRTC component, which is a part of Web Real-Time Communications. Jan Vojtesek, of Avast Threat reported it on Friday, July 1st.The impact of a successful heap overflow exploit can range from crashing the program to executing arbitrary code and bypassing security if the attack is successful. Google says the zero-day vulnerability was exploited in the wild but did not share any information about these incidents. Google's quoting statement: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix."
If a bug is present in another project but does not affect the users of that project, we will still retain it. Chrome users should be able to protect themselves by updating before new information is released. Google has not revealed when more information will be made available.
Google Also Fixed the Fourth Chrome Zero-Day to Date
Search engine giant Google has fixed the fourth Chrome zero-day since the start of the year with this update.The three previous zero-day exploits that were found and patched in 2022 were:
- April 14 CVE-2022-1364 Google patch release schedule.
- CVE-2022-1096 - March 25th.
- CVE-2022-0609 - February 14th.
Google found that CVE-2022-0609 had been exploited by North Korean-backed state hackers and was being used months before the research for a patch. The earliest signs of exploitation were on January 4, 2022.
Recently, two North Korean-sponsored threat groups have abused the exploit kit, serving malicious code to their targets by phishing with fake job lures and compromised websites. We strongly recommend installing the update today, as it will protect you from known attacks. While Chrome's new zero-day capabilities are powerful, they also have some drawbacks.
One of these is that Chrome requires vulnerability in the website or application to exploit it.
Another drawback is that Chrome's new exploit techniques are not well known. This means that it is difficult for website owners to detect and fix the vulnerability.
Finally, Chrome's new exploit techniques are limited to websites and applications that allow user input. They cannot be used to attack websites that are not vulnerable to user input vulnerabilities.
These drawbacks are important to consider when using Chrome's new zero-day capabilities. By understanding their advantages and drawbacks, you can make informed decisions about how to use them.