Google released an emergency security update for the desktop version of the Chrome web browser, fixing the eighth zero-day vulnerability exploited in attacks this year.

The high-severity flaw is tracked as CVE-2022-4135 and is a buffer overflow in the GPU, discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022.

“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” reads the update advisory.

Because users need time to apply the security update to their Chrome installations, Google withheld details of the vulnerability to prevent further expansion of its malicious exploitation.

“Access to bug details and links may be restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” – Google

In general, a buffer overflow is a memory vulnerability that causes data to be written to forbidden (usually adjacent) locations without verification.

Attackers can use a buffer overflow to overwrite an application’s memory to manipulate its execution path, resulting in unrestricted access to information or the execution of arbitrary code.

Chrome users are recommended to upgrade to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which fixes CVE-2022-4135.

To update Chrome, go to Settings → About Chrome → Wait for the latest version to finish downloading → Restart the program.
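For checking many machines against the fixed builds listed above, the following is an added example (not from the original article or from Google). It compares version strings, in the form printed by `google-chrome --version`, against the minimum fixed build per platform; the host names and inventory are constructed sample data.

```python
import re

# Minimum fixed builds for CVE-2022-4135, as stated in the article.
FIXED = {
    "windows": (107, 0, 5304, 121),
    "mac": (107, 0, 5304, 122),
    "linux": (107, 0, 5304, 122),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 107.0.5304.110'."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(platform, version_text):
    """True if at or above the fixed build, False if older, None if undecidable."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Compare as integer tuples: as strings, "99" would sort above "121".
    return version >= fixed


def audit(inventory):
    """Group hosts from (host, platform, version_text) rows by patch state."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in inventory:
        state = is_patched(platform, version_text)
        key = "unknown" if state is None else "patched" if state else "vulnerable"
        report[key].append(host)
    return report


# Constructed inventory for illustration (hypothetical hosts and readings).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "Google Chrome 107.0.5304.121"),
    ("ws-002", "windows", "Google Chrome 107.0.5304.99"),
    ("mac-001", "mac", "Google Chrome 107.0.5304.121"),   # .121 is Windows-only
    ("lnx-001", "linux", "Google Chrome 108.0.5359.71"),
    ("lnx-002", "linux", "version unavailable"),
]

if __name__ == "__main__":
    for state, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have no parseable version or an unlisted platform and need a manual check rather than being counted as patched.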


Chrome’s eighth zero-day patch in 2022

Chrome build 107.0.5304.121/122 fixes the eighth actively exploited zero-day vulnerability this year, indicating high interest from attackers in the widely used browser.

The previous seven zero-day patches are:

These flaws are usually exploited by sophisticated hackers who use them in highly targeted attacks.

Nevertheless, all Chrome users are strongly advised to update their web browsers as soon as possible in order to block potential exploit attempts.
