Google Chrome has encountered a new zero-day exploit this month. The company confirms that Android and Windows users are facing a hacking risk from the security threat.

Because of this, Google says it will launch a 103.0.5060.144 Chrome update for windows in the next few days and weeks. 

The patched version will be automatically updated upon restarting the browser. 

Google Chrome Exploit is Still Existing

(Photo : Firmbee.com from Unsplash)
Google is rolling out an update for the Chrome browser which fixes the WebRTC flaw on Windows and Android.

According to a recent report by ZDNet, Google has recently dropped an important update that will get rid of the WebRTC flaw in the Chrome app for Windows desktops.

For those who don't know, WebRTC is a JavaScript-powered standard for voice and video apps. It operates in the Chrome browser, and many vendors widely use it.

As of writing, Google says it's aware of the occurring exploit for CVE-2022-2294. Since then, it launched a WebRTC fix intended for Chrome Android users.

What is CVE-2022-2294 Vulnerability?

As per the Avast Threat Intelligence team via Forbes, CVE-2022-2294 Vulnerability is classified as a high-severity threat displayed as a "heap buffer overflow" in RTC.

Google first saw this exploit on July 1. At the time, they warned the Windows users of Chrome should immediately update their browser to avoid this vulnerability.

Windows users are not the only ones who are affected by a potential Chrome hack. The company also notes that Android users share the same fate. They should quickly update their software soon.

For those who want to get started in the Chrome update, just go to the Help | About Option on your browser menu. Once the update kicks in, it will now be automatically downloaded and installed. 

For the changes to take effect, you need to restart your Google Chrome.

Forbes also includes in its report that Google Chrome bearing the Android version number 103.0.5060.71 is now up for downloads on the PlayStore.

Aside from the update for both Android and Windows Chrome, it also fixes two other vulnerabilities, including the CVE-2022-2296 in the Chrome OS shell and the CVE-2022-2295 in the V8 JavaScript engine.

Related Article: Google Chrome Users Beware: 8 'High' Threat Exploits Exposed | Here's How to Protect Yourself From These Hacks 

Google Has Encountered 18 Zero-Days So Far

This year has been a challenging task for the Google Security Team. As of June 15, the company could detect 18 zero-day exploits in the wild. Out of this number, a couple of them were found to be attacking the Chrome browser.

According to Maddie Stone, a researcher from Google Project Zero or GPZ, early regression tests and patching could have prevented at least half of the zero-day exploits at the start of the year.

"The goal is to force attackers to start from scratch each time we detect one of their exploits: they're forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method. To do that effectively, we need correct and comprehensive fixes," Stone said.

To note, a myriad of exploits were discovered to be variants of the old bugs which once lurked in Chrome, Windows, WebKit, and Apple iOS.

Read Also: V8 Type Confusion Vulnerability Hits Google Chrome, Microsoft Edge Browser 

This article is owned by Tech Times

Written by Joseph Henry