1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google Chrome users told to update immediately or risk attack

    From TechnologyDaily@1337:1/100 to All on Tue Jul 5 11:00:05 2022
    Google Chrome users told to update immediately or risk attack

    Date:
    Tue, 05 Jul 2022 09:39:27 +0000

    Description:
    A zero-day vulnerability in Chrome is being actively exploited.

    FULL STORY ======================================================================

    Google has pushed out an update for the Windows version of its Chrome web browser to fix a zero-day vulnerability being actively exploited in the wild.

    The high-severity bug, tracked as CVE-2022-2294, has been patched with the latest Chrome build (103.0.5060.114), BleepingComputer reports.

    Google Chrome is usually updated automatically, as soon as the browser is opened by the user, so there is a good chance many installations have already been patched . However, Google says it may take a number of weeks for the patch to make its way to the remainder. Short on details

    In the meantime, Google is withholding details on the vulnerability and its exploit, so as not to give cybercriminals any ideas. We will have to wait a little longer to learn about the malware being used to leverage the flaw.

    "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but havent yet fixed."

    We do know the flaw is a high-severity heap-based buffer overflow weakness, discovered by Avasts Jan Vojtesek, in the WebRTC (Web Real-Time Communications) component. Read more

    The most secure browsers around: Here's our pick


    Google Chrome update could end annoying pop-ups for good


    Google Chrome forced to fix yet another zero-day

    Threat actors that manage to successfully exploit this bug can crash programs and run arbitrary code on affected endpoints.

    This is hardly the first zero-day bug Google has fixed this year. In fact, this is the fourth, following CVE-2022-0609 (patched in February), CVE-2022-1096 (patched in March), and CVE-2022-1364 (patched in April).

    The first of the bunch was leveraged by North Korean state-sponsored actors, researchers said at the time.

    Administrators are advised to keep an eye on Chrome, and to make sure to install the patch, should the browser not do so automatically. Keep your devices secure with the best antivirus programs around

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-chrome-users-told-to-update-immediately- or-risk-attack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)