Google Chrome was struck by a zero day attack for the fourth time in 2022, and Google is urging users to upgrade their browsers.
According to Google’s Project Zero blog, zero day exploits are increasing across all major platforms, and web browsers are no exception. If you use Chrome, make sure you update it.
As Forbes reported, the exploit (CVE-2022-2294) affects Windows and Android users and exists in the wild. Google also confirmed two other high-level security threats.
While details are restricted until users have had the chance to upgrade, the company has provided the following details about the vulnerabilities:
The first vulnerability affects WebRTC (Web Real-Time Communications), a technology that allows audio and video communication to work inside web pages via peer-to-peer communication, eliminating the need to install plugins or download native apps. In May 2010, Google bought GIPS, the company that had developed many components required for RTC, such as codecs and echo cancellation techniques. In 2011, Google launched WebRTC as an open-source project.
As for the third vulnerability, Use After Free, it relates to incorrect use of dynamic memory. After freeing a memory location, if the program does not clear the pointer to that memory, an attacker can use the error to compromise the program. This is one of the most common routes used to exploit the browser. In fact, almost 100 of these vulnerabilities have been found in Chrome in 2022 alone.
To fix these vulnerabilities, Google has released Chrome 103.0.5060.114 for Windows and 103.0.5060.71 for Android. While Android can automatically update and restart Chrome, Windows users need to do it manually.
Dealing with unpredictable zero day vulnerabilities is one of the greatest challenges faced by today’s security teams. According to the WatchGuard Internet Security Report, 67% of malware attacks used zero day exploits to succeed last year. Headline-grabbing cases such as SolarWinds and Log4j served as wake-up calls for many organizations.
To help you stay ahead, we’ve compiled some resources and a quick guide: Everything to know about zero day attacks and remediation. We also have an on-demand webinar where you can get tips and tactics to reduce the risk of zero days.
Developers create software every day, but unbeknownst to them, it may contain vulnerabilities. This makes zero day attacks inevitable, as attackers often spot those vulnerabilities before the developers detect and act on them.
So how can you minimize risk in your organization?
Zero day protection measures include:
Let us show you how ThirdPartyTrust can help you reduce risk across your digital supply chain. Talk to an expert today.
Unpredictable vulnerabilities will be an ongoing concern for security teams inthe foreseeable future.
In this guide you will learn the fundamentals of zero days, patterns from our statistical analysis, and tips to reduce risk and remediate zero days if/when they happen.