Google patches high-risk Chrome zero-day vulnerability

Flaw is a heap buffer overflow in WebRTC

Google has released a Chrome update to deal with another high-risk zero-day vulnerability, the fourth this year.

Google has not, as of yet, released technical details, but in a version update notice the flaw is described as a "heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01".

On 4th July, Google said in a blog post: "Google is aware that an exploit for CVE-2022-2294 exists in the wild."

It said that the zero-day vulnerability was exploited by hackers in the wild.

Chrome 103.0.5060.114 should be available to all users within weeks.

The browser continually checks and downloads updates when they are released. Once this new fix is installed, Chrome should be protected.

Users can manually check for the update by navigating on the Chrome homepage to Help and then About. This causes an immediate check as to whether Chrome is fully up-to-date.

Google added: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

The upcoming Chrome version also patches high-severity flaws in with the V8 JavaScript engine and the Chrome OS shell.

Previously, three zero-day vulnerabilities were discovered by Google this year on February 14th, March 25th and April 14th. This first vulnerability was exploited by North Korean hackers as early as January 4th this year to send phishing emails.