This vulnerability

Component is introduced

Google Chrome It is one of the world's leading free browsers , The user base is broad , With fast 、 Efficient 、 Safety, etc .

Vulnerability profile

7 month 4 Japan ,Google Posted as Windows User release Chrome 103.0.5060.114, Repair the 2022 year Chrome No 4 individual 0 day. The flaw is WebRTC（Web real-time communication ） Heap based buffer overflow vulnerability in component （CVE-2022-2294）, from Avast The research team of 7 month 1 Day to disclose .Google It is revealed that this vulnerability has been exploited by the opposition , However, the technical details of the attack and other information were not disclosed .

An attacker can exploit this vulnerability , Construct malicious data to cause buffer overflow attack , And execute remote code .

scope

Currently affected Google Chrome edition ：

• Google Chrome Desktop < 103.0.5060.114
• Google Chrome Extended <