What you need to know
- Google Chrome has been updated to address a critical zero-day vulnerability.
- The flaw affects the browser's WebRTC stack, which is under attack.
- The patch should be available to all users in the next few weeks.
Google has issued a patch to address a zero-day vulnerability in a component of Chrome's real-time communication capabilities. The search giant warns users that it's already being exploited in the wild.
The latest Chrome update (version 103.0.5060.114) for Windows addresses a threat, labeled CVE-2022-2294 (high-severity), which Google says is a critical security risk. The vulnerability affects the browser's implementation of WebRTC, a standard used in video and voice applications for real-time communications.
Google has warned users that the flaw "exists in the wild," which means attackers may have already exploited it. It was first discovered by Jan Vojtesek from the Avast Threat Intelligence team on July 1.
"Google is aware that an exploit for CVE-2022-2294 exists in the wild," the company said in an announcement.
Google hasn't shared any details about the vulnerability until the fix reaches the majority of users.
The vulnerability may lead to program crashes and arbitrary code execution, according to Bleeping Computer. Worse, attackers can bypass security software if code has already been executed.
The new patch is Google's fourth Chrome zero-day fix this year. In February, March, and April, the company released separate patches for various vulnerabilities, some of which were exploited by North Korean-backed state hackers.
Sign up for Black Friday email alerts!
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the Android Central team.
Jay Bonggolto always keeps a nose for news. He has been writing about consumer tech and apps for as long as he can remember, and he has used a variety of Android phones since falling in love with Jelly Bean. Send him a direct message via Twitter or LinkedIn.