It pertains to a heap overflow flaw in the WebRTC component, which enables real-time audio and video communication in browsers without the need to download or install plugins. For security reasons, Google will disclose the full details of the vulnerability only after most users have updated. Vulnerabilities of this kind can often be used to execute arbitrary code or escape the browser’s security sandbox; interested researchers can wait for Google’s subsequent disclosures.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild. Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Google Chrome 103.0.5060.114
Upgrade to the latest version of Chrome, available from the Google Chrome Releases Website.