Google is actively patching exploited vulnerability in Chrome’s WebRTC component
Google has fixed a vulnerability in Chrome that was being actively exploited. The zero day was in the WebRTC component. It was a heap-based buffer overflow discovered a few days ago.
The vulnerability has been registered as CVE-2022-2294. Details about the bug have not yet been announced. Google writes in a short blog post that the bug was discovered on July 1 by security company Avast. It would be a heap-based buffer overflow in the WebRTC component that is rated ‘High’. A heap-based buffer overflow allows for various types of offensive actions, from crashing programs to executing code. What exactly was done with this bug is unknown. According to Google, the zero-day was actively abused, but details are also missing.
The bug has been fixed in Chrome 103.0.5060.114 for Windows and Chrome 103.0.5060.71 for Android. Two other vulnerabilities are also fixed in that version. Those are CVE-2022-2295 and CVE-2022-2296. The first is a type confusion in Chrome’s V8 engine, the second is a use-after-free vulnerability in the Chrome OS shell.