Monday, February 10, 2025
HomeChromeWarning!! Google Chrome 0-Day Bug Exploited in Wide - Update Now!

Warning!! Google Chrome 0-Day Bug Exploited in Wide – Update Now!

Published on

SIEM as a Service

Follow Us on Google News

Google released a new version of Chrome 103.0.5060.114, a stable chennal update with the fixes of security vulnerabilities, including a Zero-day bug that was exploited wide by unknown threat actors.

Chrome 103 was released with the fixed for 4 security vulnerabilities reported by external security researchers.

CVE-2022-2294, a Heap-based buffer overflow zero-day bug allows attackers to execute an arbitrary code remotely and bypass the protection mechanism, additionally, it leads to DoS: Crash, Exit, or Restart the affected system.

“A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()”. mitre explains.

Here are the other bugs that were fixed in this new security update:

  • High CVE-2022-2294: Heap buffer overflow in WebRTC.
  • High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L.
  • High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani

The Zero-day bug affected both Windows and Android versions and the bug was reported by Jan Vojtesek from the Avast Threat Intelligence team.

The attacker behind this exploit is still unknown. Google says this zero-day vulnerability was exploited in the wild and does not yet share technical details or any info regarding these incidents.

Chrome 103.0.5060.114 Update:

Users can update the new version of chrome by checking Chrome menu > Help > About Google Chrome, where it will check auto-update and request you to relaunch the browser after the patch gets downloaded.

As Google Confirms that the bug is active under attack, Users are urged to update chrome immediately to apply the patch.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites

In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool...

Weaponized SVG Files With Google Drive Links Attacking Gmail, Outlook & Dropbox Users

A new wave of phishing attacks is leveraging Scalable Vector Graphics (SVG) files to...

Flesh Stealer Malware Attacking Chrome, Firefox, and Edge Users to Steal Passwords

A newly identified malware, Flesh Stealer, is rapidly emerging as a significant cybersecurity threat...