Chrome Browser, Google, Zero-Day Exploit

Google Chrome Releases New Update to Patch Actively Exploited Zero-Day Flaw

Google issued a software update to fix yet another zero-day flaw in its Chrome web browser. CVE-2022-4135 is identified as a high severity vulnerability.

The zero-day flaw, CVE-2022-4135, is a heap buffer overflow in the GPU component and is rated as a high-severity vulnerability. Clement Lecigne, a member of Google’s Threat Analysis Group (TAG), disclosed the new vulnerability on November 22, 2022.

According to The Hacker News, a heap-based buffer overflow can be exploited and weaponized:

“Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.”

Google has indicated that it is aware of the vulnerability: “Google is aware that an attack for CVE-2022-4135 exists in the wild.”

This year, Google has patched many zero-day vulnerabilities in Chrome:

To minimize possible risks, users are advised to upgrade to version 107.0.5304.121 for macOS and Linux, and 107.0.5304.121/.122 for Windows. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also expected to apply the patches.