google-chrome-vulnerability

Analysis

On the 1st of July, a zero-day vulnerability was reported by Jan Vojtesek, a member of the Avast Threat Intel team. The vulnerability is a heap buffer overflow in the open-source project “Web Real-Time Communication (WebRTC)”, which is used in Google Chrome. WebRTC enables real-time video and audio communication capabilities for the device and browser.

The vulnerability was later exploited in the wild, and Chrome was aware of it. Researchers also reported that successful exploitation of the vulnerability by an attacker can lead to RCE (Remote Code Execution).

The vulnerability is listed in Common Vulnerabilities and Exposures as CVE-2022-2294. Currently, Google Chrome has restricted the details of the vulnerability until the majority of users have updated to the secure version of the browser.

Microsoft Defender for Endpoint has urged its users to update to the latest version of Google Chrome and classified the severity of the vulnerability as “HIGH” based on the Common Vulnerability Scoring System (CVSS 3). The latest update of Google Chrome also fixes two other high-severity vulnerabilities, CVE-2022-2295 and CVE-2022-2296.

 

Prevention

  • Update Google Chrome to version 103.0.5060.114 or later.
  • Enable auto-update in the Chrome browser so that regular security updates are not missed.
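
To verify the first item across several machines, the following added example (not part of the original advisory) flags hosts whose reported Chrome build is below 103.0.5060.114. The hostnames and the inventory contents are constructed sample data, and the "Google Chrome <build>" string format is assumed.

```python
import re

# Fixed build named in the Prevention list above.
FIXED = (103, 0, 5060, 114)

# Matches a four-part build number in strings such as
# "Google Chrome 103.0.5060.53" (assumed inventory format).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the build as a tuple of ints, or None if no build is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'patched', 'vulnerable', or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "103.0.5060.53" above "103.0.5060.114".
    return "patched" if version >= fixed else "vulnerable"


def hosts_needing_update(inventory, fixed=FIXED):
    """Return hostnames that are not confirmed patched, sorted."""
    return sorted(h for h, v in inventory.items()
                  if classify(v, fixed) != "patched")


# Constructed sample inventory (hypothetical hostnames and builds).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 103.0.5060.114",
    "ws-002": "Google Chrome 103.0.5060.53",
    "ws-003": "Google Chrome 104.0.5112.79",
    "ws-004": "Google Chrome 102.0.5005.115",
    "ws-005": "chrome: command not found",
}

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(host, classify(SAMPLE_INVENTORY[host]), SAMPLE_INVENTORY[host])
```

Hosts that return "unknown" are listed alongside vulnerable ones so that a failed version query is not mistaken for a patched browser.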

 


 

 
