back to article Google updates Chrome to squash actively exploited WebRTC Zero Day

Google has issued an unexpected update to its Chrome browser to address a zero-day WebRTC flaw that is actively being exploited. The culprit is CVE-2022-2294, and is a problem in WebRTC – the code that imbues browsers with real-time comms capabilities. Details of the flaw, number 1341043, are not currently detailed in the …

  1. Andy The Hat Silver badge

    That's an interesting opinion

    Great!

    "Thankfully, Chrome updates itself with little user intervention required, ..."

    And another report will read

    "Chrome decided to update itself and broke xyz! Why do we have no control over Chrome updates?"

    Horses and courses I suppose.

    1. MiguelC Silver badge

      Re: That's an interesting opinion

      Windows administrators can manage how their users' Chrome browser and apps are updated, using the group policy manager.

    2. Def Silver badge

      Re: That's an interesting opinion

      Automatic updates are only a problem around here when it's Microsoft doing them because "reasons".

  2. Big_Boomer
    Windows

    Update to 103.0.5060.114 already available. I just updated mine.

    And I now return you to your regularly scheduled Google bashing and vilification. <LOL>

  3. Bartholomew Bronze badge
    Coat

    Could not have happen with HTTP/1.0

    Does anyone remember the good old days, when web pages were just simple text and images ? Back long ago, when they did not require the ability to execute remotely created code in a local GPU. Back when web browsers only required a few megabytes of RAM to function.

    1. DeathSquid

      Re: Could not have happen with HTTP/1.0

      Yeah. They had buffer overflows back then too. The Chrome org rewards engineers for building shiny new ad and user tracking features. Code health is a poor second.

    2. Tom 38 Silver badge

      Re: Could not have happen with HTTP/1.0

      One of the first jailbreaks for the iphone was a bug in an image rendering library, so the idea of there being no buffer overrun exploits when the web was just text and images is demonstrably bogus.

      1. Clausewitz4.0
        Devil

        Re: Could not have happen with HTTP/1.0

        QUOTE: One of the first jailbreaks for the iphone was a bug in an image rendering library

        So was one of the last bugs used by NSO / Pegasus to silently penetrate iPhones with a zero-click exploit. But Google do not care / look too much into exploits being actively used by some friendly government agencies.

        1. ITS Retired

          Re: Could not have happen with HTTP/1.0

          You forgot the quotes around "friendly".

  4. adam payne

    Usually I would leave this to Chrome to update itself but as this is a Zero day i'll let the patch management system take over.

  5. Anonymous Coward
    Anonymous Coward

    This is an SDP processing bug

    The issue is caused by simulcast being turned off using SDP munging. This is an error that puts the PeerConnection into an inconsistent state. The exact commit is https://webrtc.googlesource.com/src/+/763d847f1e5ac3c5607ace75cc03876e4fc1341b

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022