Cybersecurity warning: Google zero-day vulnerability

July 13, 2022

Google has released a new patch for Google Chrome to address critical vulnerabilities in V8, WebRTC, and Chrome OS Shell components. If exploited, the vulnerabilities will allow malicious actors to perform memory corruption and privilege escalation. We recommend applying the latest Google patch as soon as possible.

What is the threat?

The zero-day vulnerability, CVE-2022-2294, was patched by Google. The details of the vulnerability are not fully disclosed at this time. Google stated that ‘access to bug details and links may be kept restricted until most users have updated the fix.’ The vulnerabilities exist in the WebRTC (Web Real-Time Communications) and Chrome OS Shell components. A successful exploit can lead to program crashes, memory corruption, and arbitrary code execution; if code execution is achieved, the attacker can use it to escalate privileges. None of the vulnerabilities require authentication, but they do require some type of user interaction.

Why is it noteworthy?

The vulnerability exists in the previous version of Google Chrome. Although little information about the vulnerability has been released, private exploits are available for purchase. According to Google, the vulnerabilities are known to have been exploited in the wild.

What is the exposure or risk?

The WebRTC vulnerability can lead to a heap overflow. The V8 vulnerability can lead to CWE-843 (access of resource using incompatible type). Lastly, the Chrome OS Shell vulnerability can cause a program to crash, use unexpected values, or execute code, affecting confidentiality, integrity, and availability.

To help with any issues you may be experiencing, contact us at Access Tech for a complimentary call to assess your needs and security risks. We have been helping customers for over 12 years to connect their business strategy with IT solutions.

Source: SmarterMSP