Google was informed about the vulnerability and attacks exploiting it on July 1 by cybersecurity company Avast, which observed it being used against its customers in the Middle East as part of what appeared to be highly targeted operations.

The vulnerability is tracked as CVE-2022-2294 and it has been described as a heap buffer overflow in WebRTC. The zero-day has been patched with the release of a Chrome 103 update for Windows. This is the fourth actively exploited Chrome vulnerability patched by Google this year.