{"id":9731,"date":"2022-07-06T09:47:15","date_gmt":"2022-07-05T21:47:15","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=9731"},"modified":"2022-07-06T09:47:15","modified_gmt":"2022-07-05T21:47:15","slug":"3-billion-at-risk-does-that-include-you-it-probably-does","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=9731","title":{"rendered":"3 billion devices are at risk.\u00a0 Does that include you? (it probably does)"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

\u00a0An actively exploited high severity “zero day” cyber-security exploit has been found in the Google Chrome web browser.\u00a0\u00a0<\/h2>\n

With over 3 billion users it will take some time for the update roll out to everyone.\u00a0 Meanwhile, everyone who uses Chrome on their PC is exposed.\u00a0<\/p>\n

Luckily for all our Core Fundamental and Premium KARE clients, the KARE Team are already on to this and have pushed out the update to you already.\u00a0 We just ask that you URGENTLY stop using Chrome if it open on your screen, close it and reopen it. so the update can take effect.<\/strong><\/p>\n

Organisations that rely on “Windows Update” or “WSUS” don’t have that option, as neither manage updates to non-Microsoft applications such as Chrome.<\/p>\n

You can manually check though.\u00a0 From the Chrome menu :\u00a0 Help > About Google Chrome<\/strong>.\u00a0 The browser should try to auto-update as well.<\/p>\n

Details:<\/h3>\n

Google recently released Chrome 103.0.5060.114<\/a> to address a high-severity zero-day vulnerability that attackers are currently exploiting in the wild.<\/p>\n

Tracked as CVE-2022-2294<\/a>, the flaw is related to a heap-based buffer overflow weakness in the WebRTC (Web Real-Time Communications) component of Chrome. For its part, WebRTC is a free and open-source project that enables real-time voice, text, and video communications capabilities between web browsers and devices. While Google has yet to share technical details about the bug, the impact of successful heap overflow exploitation can range from program crashes and arbitrary code execution to bypassing security solutions if code execution is achieved during the attack<\/p>\n

Analyst comments:<\/h3>\n

CVE-2022-2294 is the fourth Chrome Zero-day that Google has addressed since the start of 2022. The previous Chrome Zero-day vulnerabilities include two high-severity type-confusion weaknesses (CVE-2022-1364 and CVE-2022-1096) in the Chrome V8 JavaScript engine and one high-severity \u201cUse after free in Animation\u201d bug (CVE-2022-0609). With over 3 billion users on Google Chrome, it will take some time for news of the update to reach the entire userbase. In turn, this provides threat actors enough time to target victims who are still running a vulnerable version of Chrome. Since CVE-2022-2294 is already being exploited in attacks in the wild, users should update their browser to the latest version as soon as possible to prevent further exploitation attempts.<\/p>\n

Mitigation:<\/h3>\n

To update to the latest version of Chrome (103.0.5060.114), click on the Chrome menu > Help > About Google Chrome.<\/p>\n

Source:<\/h3>\n

https:\/\/www.bleepingcomputer.com\/ne…ew-chrome-zero-day-flaw-exploited-in-attacks\/<\/a><\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

\u00a0An actively exploited high severity “zero day” cyber-security exploit has been found in the Google Chrome web browser.\u00a0\u00a0 With over 3 billion users it will take some time for the update roll out to everyone.\u00a0 Meanwhile, everyone who uses Chrome on their PC is exposed.\u00a0 Luckily for all our Core Fundamental and Premium KARE clients, […]<\/p>\n","protected":false},"author":5,"featured_media":9735,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-9731","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/9731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9731"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/9731\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}