A critical vulnerability identified as CVE-2022-2294 affects the Mac version of Google’s Chrome browser. It opens the way to a buffer overflow attack and requires an emergency patch to be applied.
The latest update to Chrome Browser for Mac is significant because it fixes an exploit that is currently in the wild. Chrome for Windows and Mac build 102.0.5005.148 includes a critical security fix for a vulnerability, CVE-2022-2294, which allows a buffer overflow in WebRTC. The flaw was reported by Jan Vojtesek of the Avast Threat Intelligence team on July 1, and Google said an exploit of the flaw was already underway. According to the Common Weakness Enumeration (CWE) list of vulnerabilities, heap buffer overflow allows writing outside of the space allocated to the buffer, overwriting information needed by the process. In general, overflow can lead to crashes and other attacks, including putting the program into an infinite loop.
Besides this crucial patch, Google plans to fix other security weaknesses in its browser this year. The previous version of Google Chrome 100.0.4896.127 already fixed the vulnerability referenced CVE-2022-1364, which was also exploited in the wild. This update, which also includes many other security and bug fixes, will be released in the coming days. To check its availability, click on the “Chrome” menu in the menu bar, then select “About Google Chrome”.