I. Targeted Entities
• Google Chrome
On July 4, Google quietly released a stable channel update for Google Chrome to patch an actively exploited zero-day vulnerability. This is the fourth flaw Google has released for Google Chrome this year.
III. Background Information
Chrome 103 (103.0.5060.71 for Android and 103.0.5060.114 for Windows and Mac) fixes a heap buffer overflow flaw in WebRTC. WebRTC is the engine that gives the browser its real-time communications capability. The vulnerability, given the moniker CVE-2022-2294 and reported by Jan Vojtesek from the Avast Threat Intelligence team, is described as a buffer overflow, “where the buffer that can be overwritten is allocated in the heap portion of memory.”
Google did not reveal any specific details about the vulnerability, but they did recommend that users upgrade their Google Chrome browsers. Because there are so few known details about the flaw, users’ most feasible protection is to upgrade their browser. Fortunately, Google Chrome updates are pushed without user intervention so most users will be protected once an update is available.
Buffer overflows can lead to crashes and other attacks that make the affected program unavailable, like putting the program into an infinite loop. Attackers can take advantage of the attack by using the crash to execute arbitrary code usually outside of the scope of the program’s security policy.
IV. MITRE ATT&CK
Because the specific details of this flaw have not been announced, there are currently no MITRE ATT&CKs associated with this flaw.
- Phishing Awareness Training
Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk. Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
- Set Antivirus Programs to Conduct Regular Scans
Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures.
- Strong Cyber Hygiene
Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified. Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
- Turn on Endpoint Protection
Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.
- Malware Monitoring
Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
VI. Indicators of Compromise (IOCs)
Because the specific details of this flaw have not been announced, there are currently no IOCs associated with this flaw.
(1) Montalbano, Elizabeth. “Google Patches Actively Exploited Chrome Bug.” Threatpost English Global, July 5, 2022. https://threatpost.com/actively-exploited-chrome-bug/180118/.
Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Dorian Pope, Sreten Dedic, EJ Bulut, Tural Hagverdiyev, Uday Bilakhiya.