Google has pushed out a patch for Chrome to plug a zero-day vulnerability that’s been exploited by hackers out in the wild. You’ll want to make sure you have this update as soon as possible.
As detailed in the latest Google security advisory, the Chrome 103.0.5060.114 for Windows and Mac (103.0.5060.71 for Android) update patches the flaw tracked as CVE-2022-2294. And the patch is rolling out now.
Google has kept the lid on the details of the exploit so as to protect users that have yet to get the Chrome patch. But it’s a high-severity heap-based buffer overflow in the browser’s WebRTC component, as reported by Jan Vojtesek from the Avast Threat Intelligence team on July 1.
In plain English, a buffer overflow occurs when a program writes data beyond the boundary of allocated memory. Hackers can exploit this type of flaw to crash programs and execute arbitrary code by bypassing security measures.
“Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code,” the listing for heap-based buffer overflow vulnerabilities explains. “Even in applications that do not explicitly use function pointers, the run-time will usually leave many in memory.”
While Google hasn't detailed how the vulnerability has been used by hackers, you’ll want to make sure your Chrome browser is protected against it to keep opportunistic cyber criminals at bay.
This is rather easy to do; in Windows, simply click on the three vertical dots in the top right-hand side of the Chrome browser to access the browser’s main menu. From there, head to the Settings option, which is towards the bottom of the list, and click on it.
Under Settings, navigate to the Help section, then click on the “About Google Chrome” option on the left-hand side. This will then trigger Chrome to check if you are running the latest version of the browser. If you aren't, don’t worry as Chrome will automatically begin updating to the latest version, downloading and installing it for you.
On Mac, simply click on the Chrome menu in the top left of your screen, then click on About Google Chrome and you'll be taken straight to the screen which checks for updates.
After this is done on Windows or Mac, you’ll need to relaunch Chrome, which you'll be prompted to do, and the update will be applied.
Make sure to check that Chrome is up to date, as even if you’re not the target of a hacker, getting the latest updates can protect you from security holes and make for a more stable browsing experience, as well as introduce new features from time to time.
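If you look after more than one machine, the same version check can be scripted against the fixed builds named above. This is an added example, not part of the original article or Google's advisory; the function names, the `host,platform,version` inventory format and the sample hosts are constructed for illustration, and it assumes any build numbered at or above the fixed build contains the fix.

```python
import re

# Fixed builds for CVE-2022-2294, taken from the article above.
FIXED_BUILDS = {
    "windows": (103, 0, 5060, 114),
    "mac": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull a four-part version out of text such as 'Google Chrome 103.0.5060.114'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def check_build(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # missing data is never treated as safe
    # Compare as integer tuples: as strings "71" would sort after "114",
    # wrongly marking a Windows build ending in .71 as patched.
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_lines):
    """Map host -> status for 'host,platform,version string' lines."""
    results = {}
    for line in inventory_lines:
        parts = [p.strip() for p in line.split(",", 2)]
        if len(parts) == 3:
            results[parts[0]] = check_build(parts[1], parts[2])
    return results

# Constructed sample inventory (hosts and installed versions are made up).
SAMPLE = [
    "desk-01,windows,Google Chrome 103.0.5060.114",
    "desk-02,windows,Google Chrome 103.0.5060.66",
    "desk-03,windows,103.0.5060.71",
    "phone-3,android,103.0.5060.71",
    "kiosk-9,linux,Google Chrome 103.0.5060.53",
    "desk-11,windows,version unavailable",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` (a platform the article gives no fixed build for, or an unreadable version string) need a manual check through the About Google Chrome screen.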