Serious New Threat Revealed For Millions Of Google Chrome Users

A fourth zero-day hack has hit Chrome, and Google is urging users to upgrade their browsers. Here’s everything you need to know.

On the official Chrome blog, Google stated that the vulnerability (CVE-2022-2294) affects Windows and Android users, admitting that “Google is aware that an exploit for CVE-2022-2294 exists in the wild.” The company also confirmed two other high-severity security threats.


While Google has restricted information about vulnerabilities until users have had a chance to upgrade, the company has provided the following details.

  • High – CVE-2022-2294 [Zero-Day threat]: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek of the Avast Threat Intelligence team on 2022-07-01
  • High – CVE-2022-2295: Type confusion in V8. Reported by avaue and Buff3tts at SSL on 2022-06-16
  • High – CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19

WebRTC (Web Real-Time Communications) is an open source project that enables real-time voice, text, and video communication capabilities between web browsers and devices. It was developed by Global IP Solutions (or GIPS), a Swedish company, in 1999 before Google acquired GIPS in 2011.

As for the other two, V8 is Chrome’s core JavaScript engine, the component responsible for processing JavaScript, and this vulnerability also affects Windows and Android. CVE-2022-2296 only impacts Windows, and Use After Free (a memory-safety flaw) has been the most common route used by researchers to exploit the browser in recent years. Nearly 100 UAF vulnerabilities were found in Chrome in 2022 alone.

In response, Google released Chrome 103.0.5060.114 for Windows and 103.0.5060.71 for Android. While Android can automatically update and restart Chrome itself, Windows users should follow these steps:

  1. Click on the three dots in the upper right corner of Chrome.
  2. Click Settings > Help > About Google Chrome.
  3. Wait for Chrome to find and install the update.
  4. When prompted, relaunch Chrome (this last step is critical).
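
For anyone responsible for more than one machine, the fixed builds named above can be checked against an inventory of installed versions. The following is an added example, not code from the article or from Google; the function names are hypothetical and the host names and inventory rows are constructed.

```python
import re

# First fixed builds named in the article, per platform.
PATCHED = {
    "windows": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints for MAJOR.MINOR.BUILD.PATCH, or None if malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'outdated', or 'unknown' for one installation."""
    fixed = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # platform not covered here or unparseable version: review by hand
    # Tuples compare numerically per component, so 103.0.5060.71 < 103.0.5060.114
    # (a plain string comparison would order those two the wrong way round).
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, platform, version)."""
    return {host: classify(platform, version) for host, platform, version in inventory}


# Constructed sample inventory (hypothetical host names and sample versions).
SAMPLE = [
    ("ws-01", "Windows", "103.0.5060.114"),
    ("ws-02", "Windows", "103.0.5060.71"),   # fine for Android, too old for Windows
    ("ws-03", "Windows", "102.0.5005.115"),
    ("ws-04", "Windows", "104.0.5112.20"),
    ("ws-05", "Windows", "103.0.5060"),      # truncated version string
    ("ph-01", "Android", "103.0.5060.71"),
    ("ph-02", "Android", "103.0.5060.70"),
    ("mac-01", "macOS", "103.0.5060.53"),    # no fixed build listed above for this platform
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are not confirmed safe; they are the ones the table above cannot decide and need a manual check.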

Zero-Day hacks are spreading across all major platforms, and Google has pointed out that web browsers are no exception. If you use Chrome, there’s never been a more important time to stay diligent.
