Microsoft Edge gets emergency patch for severe zero-day vulnerability

Microsoft Edge
(Image credit: Shutterstock / monticello)

A few days after Google patched a high-severity bug that was being exploited in the wild, Microsoft has done the same for Edge. 

Tracked as CVE-2022-2294, the flaw is present in the Chromium browser engine, which means both Chrome and Edge are affected.

Other than revealing the zero-day is being exploited in the wild, Google has kept the details to itself. This is most likely to give users enough time to patch their endpoints, and to avoid supplying threat actors with ammunition for further attacks.

Known zero-day

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed."

We do know the flaw is a high-severity heap-based buffer overflow weakness, discovered by Avast’s Jan Vojtesek, in the WebRTC (Web Real-Time Communications) component.

In the same vein, Microsoft has decided to stay tight-lipped as well. “This update contains a fix for CVE-2022-2294, which has been reported by the Chromium team as having an exploit in the wild,” the company said in the patch log.

The Edge build that plugged the hole is 103.0.1264.48, and users are advised to update immediately, in case the browser doesn’t do so automatically.

To make sure you are running the latest version of the browser, open up the menu and navigate to Help and Feedback > About Microsoft Edge.

Via Neowin

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.