Risk Rating: HIGH
Affected Products: Google Chrome
Affected Version: Versions previous to 103.0.5060.114
Patched Version: 103.0.5060.114
Vendor: Google
Date: 01/07/2022
Introduction:
A zero-day vulnerability affecting the WebRTC (Web Real-Time Communications) component of the browser was identified and disclosed to Google. The flaw is a heap buffer overflow.
Technical details from Google and the Avast Threat Intelligence team (the party that originally discovered the vulnerability) are limited at this time. However, Chrome users must patch immediately, as Google is aware that exploit code exists for this vulnerability.
Impact:
The impact can range from crashing the process to arbitrary code execution. In a worst-case scenario, this could result in a bypass of the security controls and allow an attacker to gain a foothold on the underlying system running the vulnerable browser version.
Remediation(s):
Upgrade all Chrome-based browsers in use to version 103.0.5060.114.
Links & Resources: