Google Patches Actively Exploited Zero-Day Chrome Flaw Affecting Billions, Update ASAP

Chrome is the most popular browser on the planet (in terms of market share) with billions of users, and the unwanted side effect of that immense popularity in the tech space is that it attracts bad actors. Such is the reason for the latest browser update—it comes with a warning from Google that one of the security fixes included in the patch addresses a zero-day flaw that is being actively exploited in the wild.

That means the flaw, if left unpatched, is not a theoretical threat but one that bad actors are already targeting. Whenever that's the case, it's a good idea to apply the security patch sooner rather than later. Even when there haven't been any detected incidents of a zero-day being exploited, it's still typically a good idea to patch things up when possible.

The flaw in question is tracked as CVE-2022-2294 and carries a High severity rating. Google describes it as a "heap buffer overflow in WebRTC." The free and open-source Web Real-Time Communications (WebRTC) component in Chrome enables video and voice communication to work inside web pages through a JavaScript API layer, without requiring any plugins to be installed.

Google isn't offering up any specifics on the zero-day just yet, as its policy is to wait until a majority of users have had a chance to apply the patch before serving up the gory details. Generally speaking, though, these types of flaws can lead to crashes or worse.

"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code," MITRE explains.

Google's latest patch also targets two other security flaws, both with a High severity rating as well. They are CVE-2022-2259 (Type Confusion in V8) and CVE-2022-2296 (Use after free in Chrome OS Shell).

You can wait for Chrome to update itself automatically, though we recommend forcing the issue. You can do that by clicking on the three vertical dots in the upper-right corner, then navigating to Help > About Google Chrome. The latest Chrome patch (at the time of this writing) updates the browser to the 103.0.5060.66 build.
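Since the article's advice boils down to "make sure you're on the fixed build," here is an added example (not from the article or from Google) that performs that check across a fleet inventory rather than one browser at a time. It parses four-part Chrome version strings, compares them numerically against the 103.0.5060.66 build named above, and sorts hosts into patched, unpatched and unparseable. The hostnames and versions in `SAMPLE_INVENTORY` are constructed sample data, and the tab-separated `host<TAB>version` format is an assumption about how an inventory export might look.

```python
"""Flag Chrome installs older than the patched build named in the article.

Added example, not the article's or Google's code. MIN_PATCHED is the build the
article names as carrying the fix; the inventory below is constructed data.
"""
from __future__ import annotations

import re
from typing import Iterable

MIN_PATCHED = "103.0.5060.66"  # build the article says contains the CVE-2022-2294 fix

# Chrome versions are always MAJOR.MINOR.BUILD.PATCH, all numeric.
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Parse a four-part Chrome version string into a tuple of ints.

    Raises ValueError for anything that is not a well-formed version, so callers
    can tell 'older than the fix' apart from 'no usable data'.
    """
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"not a Chrome version string: {version!r}")
    major, minor, build, patch = (int(part) for part in version.split("."))
    return (major, minor, build, patch)


def is_patched(installed: str, minimum: str = MIN_PATCHED) -> bool:
    """True if the installed build is at or above the minimum patched build.

    Comparing tuples of ints avoids the string-comparison trap where
    '103.0.5060.114' sorts below '103.0.5060.66'.
    """
    return parse_version(installed) >= parse_version(minimum)


def triage_inventory(lines: Iterable[str], minimum: str = MIN_PATCHED) -> dict[str, list[str]]:
    """Sort 'hostname<TAB>version' records into patched / unpatched / unknown.

    Blank lines and '#' comment lines are skipped. Records whose version field
    does not parse land in 'unknown' so they are not silently treated as safe.
    """
    result: dict[str, list[str]] = {"patched": [], "unpatched": [], "unknown": []}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition("\t")
        try:
            bucket = "patched" if is_patched(version, minimum) else "unpatched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = """\
# host\tchrome_version
wks-01\t103.0.5060.66
wks-02\t103.0.5060.53
wks-03\t102.0.5005.115
wks-04\t103.0.5060.114
wks-05\tnot-installed
"""

if __name__ == "__main__":
    report = triage_inventory(SAMPLE_INVENTORY.splitlines())
    for bucket, hosts in report.items():
        print(f"{bucket:>9}: {', '.join(hosts) or '-'}")
```

The numeric comparison is the point worth noting: a later build such as 103.0.5060.114 is patched, but a plain string comparison would rank it below 103.0.5060.66 and report it as vulnerable. Hosts with unparseable version data are reported separately rather than being assumed safe.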