Sign in / up

back to article Google updates Chrome to squash actively exploited WebRTC Zero Day

Google has issued an unexpected update to its Chrome browser to address a zero-day WebRTC flaw that is actively being exploited. The culprit is CVE-2022-2294, and is a problem in WebRTC – the code that imbues browsers with real-time comms capabilities. Details of the flaw, number 1341043, are not currently detailed in the …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Andy The Hat Silver badge

    That's an interesting opinion

    Great!

    "Thankfully, Chrome updates itself with little user intervention required, ..."

    And another report will read

    "Chrome decided to update itself and broke xyz! Why do we have no control over Chrome updates?"

    Horses and courses I suppose.

    7 0 Reply
    1. MiguelC Silver badge
      Reply Icon

      Re: That's an interesting opinion

      Windows administrators can manage how their users' Chrome browser and apps are updated, using the group policy manager.

      2 0 Reply

    2. This post has been deleted by its author

  2. Big_Boomer Silver badge
    Windows

    Update to 103.0.5060.114 already available. I just updated mine.

    And I now return you to your regularly scheduled Google bashing and vilification. <LOL>

    5 0 Reply
  3. Bartholomew
    Coat

    Could not have happen with HTTP/1.0

    Does anyone remember the good old days, when web pages were just simple text and images ? Back long ago, when they did not require the ability to execute remotely created code in a local GPU. Back when web browsers only required a few megabytes of RAM to function.

    6 0 Reply
    1. DeathSquid
      Reply Icon

      Re: Could not have happen with HTTP/1.0

      Yeah. They had buffer overflows back then too. The Chrome org rewards engineers for building shiny new ad and user tracking features. Code health is a poor second.

      4 0 Reply
    2. Tom 38
      Reply Icon

      Re: Could not have happen with HTTP/1.0

      One of the first jailbreaks for the iphone was a bug in an image rendering library, so the idea of there being no buffer overrun exploits when the web was just text and images is demonstrably bogus.

      3 0 Reply
      1. Clausewitz4.0 Bronze badge
        Reply Icon
        Devil

        Re: Could not have happen with HTTP/1.0

        QUOTE: One of the first jailbreaks for the iphone was a bug in an image rendering library

        So was one of the last bugs used by NSO / Pegasus to silently penetrate iPhones with a zero-click exploit. But Google do not care / look too much into exploits being actively used by some friendly government agencies.

        3 2 Reply
        1. ITS Retired
          Reply Icon

          Re: Could not have happen with HTTP/1.0

          You forgot the quotes around "friendly".

          1 0 Reply
  4. adam payne

    Usually I would leave this to Chrome to update itself but as this is a Zero day i'll let the patch management system take over.

    0 0 Reply
  5. Anonymous Coward
    Anonymous Coward

    This is an SDP processing bug

    The issue is caused by simulcast being turned off using SDP munging. This is an error that puts the PeerConnection into an inconsistent state. The exact commit is https://webrtc.googlesource.com/src/+/763d847f1e5ac3c5607ace75cc03876e4fc1341b

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like