Google released security updates on Monday to fix a high-severity zero-day vulnerability in its Chrome web browser. The vulnerability is reportedly being exploited in the wild on a huge number of computers.
The flaw is tracked as CVE-2022-2294. It is caused by a heap buffer overflow in the WebRTC component, which provides real-time audio and video communication capabilities in browsers without the need for plugins or native app downloads.
Heap buffer overflows (also known as heap smashing or heap overrun) occur when data in the heap area of memory is overwritten. This can lead to code execution or a denial of service (DoS).
MITRE says that heap-based overflows can be used to overwrite function pointers that may exist in memory, pointing them to the attacker's code. When the result is arbitrary code execution, this can be used to subvert any other security service.
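The mechanism described above, shown as an added example that is not from Google, MITRE or the Chrome code base: a heap object holds a fixed buffer next to a function pointer, and a copy that trusts the caller's length corrupts the pointer while a length-checked copy does not. The `session` struct, its field names and the helper functions are hypothetical, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical heap object: a fixed buffer followed by a function pointer. */
struct session {
    char label[16];
    void (*on_close)(void);
};
static void real_close(void) {}

/* Unchecked copy: trusts the caller-supplied length, as vulnerable code does.
 * The write is clamped to the struct so the demo stays inside one allocation. */
static void set_label_unchecked(struct session *s, const void *src, size_t n) {
    size_t room = sizeof(*s) - offsetof(struct session, label);
    if (n > room) n = room;
    memcpy((unsigned char *)s + offsetof(struct session, label), src, n);
}

/* Hardened copy: rejects input that does not fit the destination buffer. */
static int set_label_checked(struct session *s, const void *src, size_t n) {
    if (n > sizeof(s->label)) return -1;
    memcpy(s->label, src, n);
    return 0;
}

/* Returns 1 if the stored pointer's bytes no longer match the expected value. */
static int pointer_clobbered(const struct session *s) {
    void (*expected)(void) = real_close;
    return memcmp(&s->on_close, &expected, sizeof(expected)) != 0;
}

/* Copies n constructed bytes; returns 1 if on_close was corrupted, -1 on error. */
static int run_case(int checked, size_t n) {
    unsigned char input[64];
    struct session *s = malloc(sizeof(*s));
    int clobbered;
    if (s == NULL || n > sizeof(input)) { free(s); return -1; }
    memset(s, 0, sizeof(*s));
    s->on_close = real_close;
    memset(input, 0x41, sizeof(input));   /* constructed sample input */
    if (checked) (void)set_label_checked(s, input, n);
    else set_label_unchecked(s, input, n);
    clobbered = pointer_clobbered(s);
    free(s);
    return clobbered;
}

int main(void) {
    return !(run_case(0, 16) == 0 && run_case(0, 32) == 1 && run_case(1, 32) == 0);
}
```

The program never calls the corrupted pointer; it only compares its bytes, which is enough to show why the length check has to happen before the copy.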
Jan Vojtesek, a member of the Avast Threat Intelligence group, was credited with reporting the flaw. The bug also affects Chrome on Android.
As is usual with zero-day exploitation, details about the flaw and the related campaign have been withheld to prevent further abuse in the wild.
CVE-2022-2294 marks the resolution of the fourth zero-day vulnerability in Chrome since the beginning of the year.
CVE-2022-0609: Use-after-free in Animation