Google has disclosed that the latest patch for its Chrome desktop web browser addresses a high-severity security flaw exploited in the wild.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” the company said.
Avast Threat Intelligence security researcher Jan Vojtesek reported CVE-2022-2294 last week on 1 July.
The bug is a heap-based buffer overflow in WebRTC that allows attackers to bypass protection mechanisms and execute arbitrary code.
This could let attackers steal private data, usernames and passwords, and install spyware or malware on users’ PCs.
Google has not given any details about how bad actors have actively exploited this security flaw.
The company explained that it would restrict access to bug details until most users had applied the patch.
“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
Besides the actively exploited bug, Chrome’s latest patch also fixed two other high-severity security flaws brought to Google’s attention by external researchers.
The tech giant advised Chrome users to update the browser to version 103.0.5060.114 as soon as possible to protect against active exploitation.
Users can check whether they have the latest update installed by navigating to Help/Settings > About Chrome.