Google is rolling out an urgent patch to Chrome users on desktop and Android devices to address a zero-day flaw the web giant says is being actively exploited.
“The Stable channel has been updated to 103.0.5060.114 for Windows, which will roll out over the coming days/weeks,” writes Prudhvikumar Bommana for the Google Chrome team.
Four security flaws are addressed in this release, including one affecting the browser’s open-source real-time communication component, WebRTC.
The vulnerability, tracked as CVE-2022-2294, is described as a heap buffer overflow.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild,” according to the advisory.
Two more bugs are also rated high-severity, making the update all the more important from a security standpoint.
In typical fashion, the internet mammoth is withholding details of the zero-day, giving Chrome users time to patch before more malicious actors catch on and exploit the flaw. Android users are also instructed to update to Chrome 103, as most of the same flaws affect the mobile version of the browser. iOS customers seem unaffected at this time.
Chrome users worldwide should make updating a priority or, at the very least, refrain from real-time chats via Chrome until they update.