
Google Fixes Zero Day Exploit In Chrome

Published by Sabrina Pagnotta on July 18, 2022

Google Chrome was struck by a zero day attack for the fourth time in 2022, and Google is urging users to upgrade their browsers.

According to Google’s Project Zero blog, zero day exploits are increasing across all major platforms, and web browsers are no exception. If you use Chrome, make sure you update it.

About the vulnerability

As Forbes reported, the vulnerability (CVE-2022-2294) affects Windows and Android users, and an exploit for it exists in the wild. Google also confirmed two other high-severity vulnerabilities.

While details are restricted until users have had the chance to upgrade, the company has provided the following details about the vulnerabilities:

  • CVE-2022-2294 [High]: Heap buffer overflow in WebRTC
  • CVE-2022-2295 [High]: Type Confusion in V8
  • CVE-2022-2296 [High]: Use after free in Chrome OS Shell

The first vulnerability affects WebRTC (Web Real-Time Communications), a technology that allows audio and video communication to work inside web pages via peer-to-peer communication, eliminating the need to install plugins or download native apps. In May 2010, Google bought GIPS, the company that had developed many components required for RTC, such as codecs and echo cancellation techniques. In 2011, Google launched WebRTC as an open-source project.

The second vulnerability affects V8, the Chrome component responsible for processing JavaScript. Type confusion occurs when code does not verify the type of the object it receives and uses it blindly, without type-checking.

As for the third vulnerability, Use After Free, it relates to incorrect use of dynamic memory. After freeing a memory location, if the program does not clear the pointer to that memory, an attacker can use the error to compromise the program. This is one of the most common routes used to exploit the browser. In fact, almost 100 of these vulnerabilities have been found in Chrome in 2022 alone.

To fix these vulnerabilities, Google has released Chrome 103.0.5060.114 for Windows and 103.0.5060.71 for Android. While Android can automatically update and restart Chrome, Windows users need to do it manually.
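A fleet check against the fixed builds above, as an added example that is not part of the original article. The two fixed build numbers come from the text; the platform labels, function names and sample inventory are assumptions of this example.

```python
import re

# Fixed builds taken from the article; the platform keys are this example's labels.
FIXED_BUILDS = {
    "windows": (103, 0, 5060, 114),
    "android": (103, 0, 5060, 71),
}
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one Chrome install."""
    fixed = FIXED_BUILDS.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuples compare numerically per component, so .71 < .114 here;
    # comparing the raw strings would wrongly rank '71' above '114'.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, platform, version)."""
    return {host: classify(platform, version) for host, platform, version in inventory}


# Constructed sample inventory (hostnames and versions made up for illustration).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "103.0.5060.114"),
    ("ws-002", "Windows", "103.0.5060.66"),
    ("ws-003", "Windows", "103.0.5060.71"),
    ("mob-001", "Android", "103.0.5060.71"),
    ("mob-002", "Android", "102.0.5005.125"),
    ("mac-001", "macOS", "103.0.5060.114"),
    ("ws-004", "Windows", "103.0.5060"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Platforms the article gives no fixed build for are reported as `unknown` rather than guessed.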

The threat of zero days

Dealing with unpredictable zero day vulnerabilities is one of the greatest challenges faced by today’s security teams. According to the WatchGuard Internet Security Report, 67% of malware attacks used zero day exploits to succeed last year. Headline-grabbing cases such as SolarWinds and Log4j served as wake-up calls for many organizations.


To help you stay ahead, we’ve compiled some resources and a quick guide: Everything to know about zero day attacks and remediation. We also have an on-demand webinar where you can get tips and tactics to reduce the risk of zero days.

Developers create software every day, but unbeknownst to them, it may contain vulnerabilities. This makes zero day attacks inevitable, as attackers often spot those vulnerabilities before the developers detect and act on them.

So how can you minimize risk in your organization?

Zero day protection measures include:

  • Keeping all software and operating systems up to date, installing patches as soon as they become available.
  • Enforcing security standards as part of your vendor risk assessments and updating your requirements if needed after a zero day is discovered.
  • Performing continuous monitoring and reassessment of your vendors as opposed to point-in-time calendar evaluations.
  • Using a layered defense strategy, combining antivirus, firewall, and other security solutions, with security mechanisms like zero trust or MFA.
  • Educating users on cybersecurity best practices, especially amid flexible work arrangements; many zero day attacks capitalize on human error.

Let us show you how ThirdPartyTrust can help you reduce risk across your digital supply chain. Talk to an expert today.

Don’t let zero days be “wake up calls.”

Unpredictable vulnerabilities will be an ongoing concern for security teams in the foreseeable future.

In this guide you will learn the fundamentals of zero days, patterns from our statistical analysis, and tips to reduce risk and remediate zero days if/when they happen.

Sabrina Pagnotta
Sr. Content Strategist