To fix a zero-day vulnerability, Google has published updated versions of its Chrome browser for Windows and Android. Versions 103.0.5060.114 for Windows and 103.0.5060.71 for Android both contain the fix.
This vulnerability follows another bug, disclosed by Chromium in January 2022, that also concerns the same third-party library, WebRTC.
Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability (TALOS-2021-1372) (reward: $7500) https://t.co/phdCZxZeVx — Chromium Disclosed Security Bugs (@BugsChromium) January 10, 2022
Google withholds all information about the issue until the majority of users have received an update with the fix. The restriction can also remain in place if the defect is in a third-party library that other projects also use but have not yet fixed.
The update also fixes two further serious issues. CVE-2022-2296 is a “use after free” memory bug in Chrome OS Shell, whereas CVE-2022-2295 is a type confusion in Chrome’s V8 JavaScript engine.