Google has confirmed that the latest Chrome zero-day bug, CVE-2022-2294, was exploited by adversaries before a patch was available. Google detected active exploitation of the flaw, which affects WebRTC components, in the wild.
Google has deemed it a high-severity vulnerability but has refrained from sharing further details for now. The firm generally avoids publicly disclosing bug details in order to give users ample time to patch and to limit further exploitation.
In addition, Google has patched three other vulnerabilities, two of which were reported by external researchers. These include CVE-2022-2295, a high-severity type confusion vulnerability affecting the V8 component. This bug first caught the attention of avaue and Buff3tts at S.S.L., who won a $7500 bounty for reporting it to Google.
Google has fixed these vulnerabilities with Chrome 103.0.5060.114 for Windows. It also rolled out the fixes for CVE-2022-2294 and CVE-2022-2295 with Chrome 103.0.5060.71 for Android. Since the latest release fixes the vulnerability, users must update their devices to prevent possible exploitation.