The problem is a heap overflow flaw in the WebRTC component, tracked as CVE-2022-2294. WebRTC provides real-time audio and video communication capabilities in browsers, with no need to install plugins or download native apps. The flaw was detected on July 1, 2022 by Jan Vojtesek of the Avast Threat Intelligence team.

MITRE explains the technicalities of the situation in simpler terms: “Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code. When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”

Heap buffer overflows are also known as heap smashing or heap overruns. They occur when data is overwritten in the heap area of memory. This can result in a denial of service (DoS) condition or, as MITRE explains above, in code execution. It is also worth mentioning that the bug affects the Android version of Google Chrome.

This is not the first zero-day vulnerability to hit the browser. Earlier this year, before CVE-2022-2294, three other bugs surfaced and were addressed by the company. These are as follows:

CVE-2022-0609 – Use-after-free in Animation

CVE-2022-1096 – Type confusion in V8

CVE-2022-1364 – Type confusion in V8

To address CVE-2022-2294, users are recommended to update to version 103.0.060.114 for Windows, Linux, and macOS. Android users should update to version 103.0.5060.71. Users of Brave, Opera, Vivaldi, and Microsoft Edge are also advised to apply the fixes as soon as they are made available to them.