Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Google warns of new Chrome hack attacks aimed at Windows and Android

Google has confirmed another Chrome zero-day security exploit, which would be the fourth this year.

user icon
Mon, 11 Jul 2022
Google warns of new Chrome hack attacks aimed at Windows and Android
expand image

In a post on 4 July, Google confirmed an update to Chrome 103.0.5060.114 for Windows would start rolling out in the coming days. The company warns that hack attacks have been spotted in the wild with Android and Windows impacted.

Google's Chrome browser will automatically update to this patched version, and protection will be in place once the application is restarted, due to CVE-2022-2294.

The emergence of CVE-2022-2294

============
============

According to an Avast Threat Intelligence team member, CVE-2022-2294 is a high-severity security vulnerability and described as a heap buffer overflow in RTC.

Full details are being withheld until such a time that most Chrome users have had a chance to update. Google is urging users to update as quickly as possible because this is a zero-day threat.

After Google rushed to fix the issue after it had been reported on 1 July, it also confirmed that the company "is aware that an exploit for CVE-2022-2294 exists in the wild".

Two other high-severity vulnerabilities have also been confirmed as fixed in this latest update: CVE-2022-2295 (type confusion in V8) and CVE-2022-2296 (use after free in Chrome OS Shell).

Windows users are advised to install the Chrome update as a matter of urgency. Located in the Help/About option in the Chrome menu, users can force an update check to download and install the update as required. Users will not be protected until after a browser restart.

[Related: Port Phillip Prison in Melbourne hit by cyber attack]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.