Google Chrome Zero-Day Vulnerability Exploit [CVE-2022-2294]

July 6, 2022

Overview of cve-2022-2294

Over the Fourth of July weekend, Google released a patch for a high-severity Chrome zero-day vulnerability. The vulnerability is being exploited in the wild and affects Google Chrome and other chromium-based browsers. The heap-based buffer overflow vulnerability is found in the WebRTC (Web-Real-Time Communications) component.

The vulnerability is being tracked as CVE-2022-2294 and allows for attackers to breach Chrome user’s privacy. A successful heap overflow exploit can allow for program crashes, bypassing security solutions, or unfettered code execution. Although the vulnerability has been exploited in the wild, Google has yet to release any information or technical details regarding instances of successful exploitation. Their advisory stated that “Access to bug details and links may be kept restricted until a majority of Chrome users are updated with a fix.”

CVE-2022-2294 is the fourth zero-day that Google has patched in 2022. The other zero-day vulnerabilities include:

February 14, 2022 – CVE-2022-0609 – a “use after free in animation” vulnerability.
March 25, 2022 – CVE-2022-1096 – a type confusion weakness in the Chrome V8 JavaScript engine.
April 14, 2022 - CVE-2022-1364 – another type confusion weakness in the Chrome V8 JavaScript engine.

Chrome version 103.0.5060.114 was issued in Google’s Stable Desktop channel but Google stated it’s a matter of days or weeks before it reaches the entire userbase. However, because Google is delaying the release of the technical details surrounding the attacks, every Chrome user will have time to patch. Here is a list of other Chromium browsers that you should patch:

Microsoft Edge – Please patch when one becomes available.
Brave – You can find the patch here.
Opera – Please patch when one becomes available.
Vivaldi – You can find the patch here.

Because CVE-2022-2294 has been exploited by hackers in the wild, Avertium strongly urges that you update Google Chrome as soon as possible.

How Avertium is Protecting Our Customers:

Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium’s offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills.
Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident.
Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and security vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is great than the sum of its parts.
Avertium offers Zero Trust Architecture, like AppGate, to stop malware lateral movement.

Avertium's recommendations

Please patch your Google Chrome browser as soon as possible to the latest version (103.0.5060.114 for Windows, macOS, and Linux and to 10.5060.71 for Android).

INDICATOR'S OF COMPROMISE (IOCS):

At this time, there are no known IoCs associated with CVE-2022-2294. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, reach out to your Avertium Service Delivery Manager or Account Executive.