
Cybersecurity Threat Advisory 0042-22: Google zero-day vulnerability

ADVISORY OVERVIEW

Google has released a new patch for Google Chrome to address critical vulnerabilities in V8, WebRTC, and Chrome OS Shell components. If exploited, the vulnerabilities will allow malicious actors to perform memory corruption and privilege escalation. Barracuda MSP recommends applying the latest Google patch as soon as possible.

Technical Detail & Additional Information

WHAT IS THE THREAT?

The zero-day vulnerability, CVE-2022-2294, was patched by Google. The details of the vulnerability are not fully disclosed at this time. Google stated that ‘access to bug details and links may be kept restricted until most users have updated the fix.’ The vulnerabilities exist in the WebRTC (Web Real-Time Communications) and Chrome OS Shell components. A successful exploit can lead to program crashes, memory corruption, and arbitrary code execution that can escalate the attacker’s privilege if code execution is achieved during the attack. None of the vulnerabilities require any authentication; however, they do require the user to perform some type of interaction.

WHY IS IT NOTEWORTHY?

The vulnerability exists in the previous version of Google Chrome. Although little information about the vulnerability is available, private exploits are available for purchase. According to Google, the vulnerabilities have been known to be exploited in the wild.

WHAT IS THE EXPOSURE OR RISK?

The WebRTC vulnerability can lead to a heap overflow. The V8 vulnerability can lead to CWE-843: access of resource using incompatible type. Lastly, the Chrome OS Shell vulnerability can cause a program to crash, use unexpected values, or execute code, affecting confidentiality, integrity, and availability.

WHAT ARE THE RECOMMENDATIONS?

Barracuda MSP recommends the following actions:

  • Update to version 103.0.5060.114 for Windows, macOS, and Linux.
  • Update to version 103.0.5060.71 for Android.
  • The web browser will also auto-check for new updates and automatically install them after the next launch.
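To confirm the fixed versions above across a fleet, the following check can be run over an inventory export. It is an added example, not part of the original advisory; the inventory layout (host, platform, reported version string), the hostnames and the sample version strings are assumptions constructed for illustration.

```python
import re

# Fixed builds named in the advisory's recommendations.
DESKTOP = (103, 0, 5060, 114)
FIXED = {"windows": DESKTOP, "macos": DESKTOP, "linux": DESKTOP, "android": (103, 0, 5060, 71)}
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def status(platform, version_text):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # unrecognized platform or unparsable version
    # Tuples compare numerically per component, so build 66 < 114.
    # Comparing the raw strings would rank "66" above "114".
    return "patched" if found >= fixed else "vulnerable"


def audit(inventory):
    """Return (host, platform, version_text, status) for installs not confirmed patched."""
    rows = []
    for host, platform, version_text in inventory:
        result = status(platform, version_text)
        if result != "patched":
            rows.append((host, platform, version_text, result))
    return rows


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 103.0.5060.114"),
    ("ws-002", "Windows", "Google Chrome 103.0.5060.66"),
    ("mac-01", "macOS", "Google Chrome 102.0.5005.115"),
    ("lnx-01", "Linux", "Google Chrome 104.0.5112.20 beta"),
    ("and-01", "Android", "103.0.5060.71"),
    ("and-02", "Android", "103.0.5060.70"),
    ("ws-003", "Windows", "not installed"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Hosts reported as "unknown" are listed alongside vulnerable ones so that an unparsable version string is reviewed by hand rather than silently counted as patched.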

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.


Author:

Taras Pyanyk

Taras is a Cybersecurity Analyst at Barracuda MSP. He’s a security expert, working on our Blue Team within our Security Operations Center. Taras supports our XDR service delivery, and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.

