Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.
The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.
Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the heap area of the memory, leading to arbitrary code execution or a denial-of-service (DoS) condition.
“Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code,” MITRE explains. “When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”
Credited with discovering and reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It's worth pointing out that the bug also impacts the Android version of Chrome.
As is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.
CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year.
Users are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
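For teams tracking rollout of the fix, the following added example (not part of the original article) checks a browser inventory against the fixed Chrome builds named above. The CSV layout, host names and status labels are assumptions made for illustration, and the inventory rows are constructed sample data.

```python
# Fixed Chrome builds for CVE-2022-2294, as stated in the article.
FIXED = {
    "windows": (103, 0, 5060, 114),
    "macos": (103, 0, 5060, 114),
    "linux": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}

# Constructed sample inventory: host,platform,browser,version
SAMPLE_INVENTORY = """\
ws-001,windows,chrome,103.0.5060.114
ws-002,windows,chrome,103.0.5060.66
mac-01,macos,chrome,102.0.5005.115
lin-07,linux,chrome,104.0.5112.20
ph-03,android,chrome,103.0.5060.70
ph-04,android,chrome,103.0.5060.71
ws-009,windows,edge,103.0.1264.44
ws-010,windows,chrome,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if not a dotted four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(platform, browser, version):
    """Classify one install as patched, vulnerable, unknown or check-vendor."""
    if browser.lower() != "chrome":
        # The article gives no fixed build for other Chromium-based browsers.
        return "check-vendor"
    fixed = FIXED.get(platform.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # unparseable version or unlisted platform
    # Tuple comparison orders versions numerically, field by field.
    return "patched" if parsed >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map each host in the CSV text to its status; skip malformed rows."""
    results = {}
    for line in inventory_csv.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 4:
            host, platform, browser, version = fields
            results[host] = assess(platform, browser, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing parsed integer tuples rather than raw strings matters here: as text, "103.0.5060.66" sorts after "103.0.5060.114", which would mark an unpatched build as fixed.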