According to Google, a critical security flaw has been discovered in Chrome for Windows that was previously exploited. A patch is being worked on.

Several security exploits have been discovered or reported in Google's Chrome web browser, specifically for Windows machines. The Stable channel update (103.0. 5060. 114) fixes flaws that could allow remote attackers to take control of a system via JavaScript, memory buffer, or memory allocation vulnerabilities.

Only one of the highlighted vulnerabilities appears to be actively exploited out in the open, but CVE-2022-2294, as it’s known, could potentially lead to a lot of damage or other issues. It’s what’s known as a “Heap buffer overflow,” specifically in WebRTC, which allows audio and video communications to work across different web browsers. Kind of a major feature these days.

If exploited, attackers can overwrite the memory buffer to execute their own commands. It can lead to influence or direct control over every process in a given operating system if it is not adequately protected.