Threat

Chromium Zero Day (MS Edge and Google Chrome)

Vulnerability

CVE-2022-2294¹

• CVSS – 8.8 HIGH
• Vulnerability Publication Date – 07/07/2022
• Exploits Available – Yes, private

Description

There is very little information available about this vulnerability other than it has been exploited in the wild. Both Google and Microsoft are holding back the details of this vulnerability to limit information available to potential threat actors. This vulnerability affects Chromium, the underlying open-source code used in Google’s and Microsoft’s web browsers².

According to VulDB, this vulnerability exploit appears to be easy, can be performed remotely, and does not require authentication to perform². While this does not provide much insight into the vulnerability itself, with a CVSS of 8.8 and a purposeful lack of published information, it can be inferred that this is a very severe vulnerability and should be remediated as quickly as possible.

Recommendations / Remediation

Contact FortifyData to learn how we can identify this vulnerability through our internal risk assessment.

Upgrade Google Chrome to version 102.0.5005.148

Upgrade Microsoft Edge to version 103.0.1264.48

**These are generalized recommendations that may not be effective for all organizations and environments. **

References

1. https://www.cve.org/CVERecord?id=CVE-2022-2294
2. https://www.computerworld.com/article/3261009/googles-chromium-browser-explained.html
3. https://vuldb.com/?id.203233