The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to Google by a member of the Avast Threat Intelligence team on July 1.

The zero-day has been patched with the release of Chrome 103.0.5060.114 for Windows.

No information has been made available about the attacks exploiting CVE-2022-2294. SecurityWeek has reached out to Avast for more information and will update this article if the company can share any details.