Google Fixes Critical Flaw in Chrome

Patch available now for this previously exploited flaw

A previously exploited critical security flaw in Chrome for Windows has been discovered and is in the process of being patched, according to Google.

Several security exploits were discovered or reported in Google's Chrome web browser, specifically for Windows machines. The Stable channel update (103.0.5060.114) addresses flaws that would allow remote attackers to take control of a system through JavaScript, memory buffer, or memory allocation vulnerabilities.

Only one of the highlighted security issues seems to have been actively exploited in the wild, but that flaw, known as CVE-2022-2294, could lead to a lot of damage or other problems. It's what's referred to as a "heap buffer overflow," specifically in WebRTC, which allows audio and video communication to work across different web browsers. Kind of an important feature these days.

When exploited, attackers can overwrite the memory buffer to execute their own commands. It could lead to influence over or direct control of any process in a given operating system if it's not adequately protected.

The other discovered exploits—a Use After Free bug in Chrome OS and a Type Confusion bug that could be used to trick Chrome into running code—have not been used, it seems. So while the security flaws do exist, nobody outside of the researchers who discovered them has been able to take advantage.

The Stable channel for Chrome on PC has been updated, and the update should be rolling out to users over the next several days (or possibly weeks). It should be applied automatically after restarting Chrome, but you can also update manually if you don't want to wait.
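Because the rollout can take days or weeks, an administrator may want to check which machines are still below the fixed build. The following is an added example, not part of the original article: it audits a constructed inventory against the 103.0.5060.114 version named above. The host names, CSV layout and function names are assumptions for illustration.

```python
import csv
import io
import re

# Fixed Stable build for Windows, as stated in the article.
FIXED = (103, 0, 5060, 114)

# Constructed sample inventory (hostname, reported Chrome version); not real data.
SAMPLE_INVENTORY = """host,chrome_version
ws-001,103.0.5060.114
ws-002,103.0.5060.66
ws-003,102.0.5005.115
ws-004,
ws-005,103.0.5060
"""

# A full Chrome version has exactly four numeric components.
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a full Chrome version."""
    text = (text or "").strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def audit(inventory_csv, fixed=FIXED):
    """Classify each host as 'patched', 'vulnerable' or 'unknown'.

    Versions are compared as integer tuples: a plain string comparison
    would wrongly rank '103.0.5060.66' above '103.0.5060.114'.
    Assumes every host runs a Stable channel build.
    """
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("chrome_version"))
        if version is None:
            status = "unknown"  # missing or truncated version: needs follow-up
        elif version >= fixed:
            status = "patched"
        else:
            status = "vulnerable"
        results[row["host"]] = status
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be treated as unpatched until their version is confirmed.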
