Google has released Chrome 103.0.5060.114 for Windows with fixes for multiple vulnerabilities, including one High severity zero-day (CVE-2022-2294) exploited in the wild.
An attacker could exploit this vulnerability to take control of impacted systems.
The latest Chrome 103 (103.0.5060.114) security update patched four vulnerabilities in total, including one High severity zero-day ‘Heap buffer overflow in WebRTC’ vulnerability, CVE-2022-2294. WebRTC is a free and open-source project that provides real-time communication capabilities to web browsers and mobile applications.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” Google warned in the advisory.
Google also addressed two other High severity vulnerabilities:
- CVE-2022-2295: Type Confusion in V8.
- CVE-2022-2296: Use after free in Chrome OS Shell.
Finally, Google also released a security update for Chrome 103 (103.0.5060.71) for Android with fixes for three vulnerabilities, including the same zero-day CVE-2022-2294 exploited in the wild.
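
A fleet check against the two fixed builds named above, as an added example that is not part of the original article or of any Google tooling. The host names and inventory rows are constructed, and platforms the article does not mention are reported as unknown rather than guessed.

```python
# Fixed builds exactly as stated in the article (Windows and Android only).
FIXED_BUILDS = {
    "windows": "103.0.5060.114",
    "android": "103.0.5060.71",
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one Chrome install."""
    fixed = FIXED_BUILDS.get(platform.lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # platform not covered by the article, or bad data
    # Compare numerically, component by component.
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

def string_compare_says_patched(platform, version):
    """Pitfall shown for contrast: comparing the raw strings.
    '66' sorts after '114' as text, so an older build looks patched."""
    return version >= FIXED_BUILDS[platform.lower()]

# Constructed sample inventory: (host, platform, reported Chrome version).
INVENTORY = [
    ("ws-001", "Windows", "103.0.5060.114"),
    ("ws-002", "Windows", "103.0.5060.66"),
    ("ws-003", "Windows", "102.0.5005.115"),
    ("ph-001", "Android", "103.0.5060.71"),
    ("ph-002", "Android", "103.0.5060.70"),
    ("mac-001", "macOS", "103.0.5060.114"),
    ("ws-004", "Windows", "103.0.5060"),
]

def audit(inventory):
    """Map each host to its status."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as unknown need a manual look, since a truncated version string or an unlisted platform says nothing about patch state.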