Google releases an urgent Chrome update
On 24 November 2022 Google released software updates for its Chrome web browser to patch a zero-day vulnerability, the eighth actively exploited Chrome flaw fixed this year.
The high-severity vulnerability, tracked as CVE-2022-4135, is described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) is credited with reporting it on November 22, 2022.
Heap-based buffer overflows can be weaponised to crash a program or, with enough control over what is overwritten, to execute arbitrary code. Because this bug sits in the GPU process rather than in the sandboxed renderer, it is useful as the second link in an exploit chain: according to the description in NIST's National Vulnerability Database, the flaw could allow a remote attacker who had already compromised the renderer process to perform a sandbox escape via a crafted HTML page.
"Google is aware that an exploit for CVE-2022-4135 exists in the wild," Google said in its advisory.
With this release, Google has fixed eight actively exploited Chrome zero-days since the start of the year. The seven earlier ones were:
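As an added illustration, not code from the page and not the Chrome GPU bug itself (Google has not published its details), the C program below models the bug class described above: a copy into a fixed-size heap buffer whose length is taken from attacker-controlled input, beside the bounds-checked version. The chunk layout, the BUF_LEN constant and the neighbouring object's "flag" are hypothetical, and the two objects are placed in one allocation so that the overwrite is deterministic when run.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Modelled heap chunk: a BUF_LEN-byte data buffer immediately followed by a
 * 4-byte flag that belongs to a neighbouring object and that the program
 * trusts. Both sit in one calloc'd block so the overwrite is deterministic
 * and stays inside a valid allocation. On a real heap the neighbour is a
 * separate allocation whose adjacency the attacker has to arrange first. */
#define BUF_LEN   16u
#define FLAG_OFF  BUF_LEN
#define CHUNK_LEN (BUF_LEN + sizeof(uint32_t))

static uint32_t read_flag(const unsigned char *chunk)
{
    uint32_t v;
    memcpy(&v, chunk + FLAG_OFF, sizeof v);
    return v;
}

/* Vulnerable pattern: the copy length comes from the untrusted message and is
 * never compared with the destination's capacity. */
static void store_vuln(unsigned char *chunk, const unsigned char *src, size_t len)
{
    memcpy(chunk, src, len);                 /* runs past BUF_LEN into the neighbour */
}

/* Hardened pattern: reject the message before it touches the heap. */
static int store_safe(unsigned char *chunk, const unsigned char *src, size_t len)
{
    if (len > BUF_LEN)
        return -1;
    memcpy(chunk, src, len);
    return 0;
}

/* Constructed attacker message: BUF_LEN bytes of filler, then 4 bytes that
 * land exactly on the neighbour's flag. Returns the payload length. */
static size_t build_payload(unsigned char *out, size_t cap)
{
    size_t n = BUF_LEN + sizeof(uint32_t);
    if (cap < n)
        return 0;
    memset(out, 'A', BUF_LEN);
    memset(out + BUF_LEN, 0xff, sizeof(uint32_t));
    return n;
}

/* Feeds the oversized message through the vulnerable store and returns the
 * neighbour's flag afterwards: 0xffffffff means it was corrupted. */
uint32_t flag_after_vuln(void)
{
    unsigned char payload[32];
    unsigned char *chunk = calloc(1, CHUNK_LEN);
    if (!chunk)
        abort();
    size_t n = build_payload(payload, sizeof payload);
    store_vuln(chunk, payload, n);
    uint32_t flag = read_flag(chunk);
    free(chunk);
    return flag;
}

/* Same message through the hardened store. Returns the store's result code
 * (-1 = rejected) and writes the flag, which stays 0, to *flag_out. */
int flag_after_safe(uint32_t *flag_out)
{
    unsigned char payload[32];
    unsigned char *chunk = calloc(1, CHUNK_LEN);
    if (!chunk)
        abort();
    size_t n = build_payload(payload, sizeof payload);
    int rc = store_safe(chunk, payload, n);
    *flag_out = read_flag(chunk);
    free(chunk);
    return rc;
}

int main(void)
{
    uint32_t flag = 0;
    printf("vulnerable store: neighbour flag = 0x%08x\n", (unsigned)flag_after_vuln());
    int rc = flag_after_safe(&flag);
    printf("hardened store:   rc = %d, neighbour flag = 0x%08x\n", rc, (unsigned)flag);
    return 0;
}
```

Build with `cc -Wall -O2 overflow.c`. With separate allocations the same write would corrupt allocator metadata or a neighbouring object's pointers rather than a convenient flag, and AddressSanitizer would abort on it; the single-block model is only there to make the corruption visible and repeatable.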
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Insufficient validation of untrusted input in Intents
- CVE-2022-3075 – Insufficient data validation in Mojo
- CVE-2022-3723 – Type confusion in V8
As with other actively exploited flaws, Google is withholding technical details until a majority of users have updated, so as not to help further exploitation.
To reduce risk, users should update to version 107.0.5304.121 on macOS and Linux and 107.0.5304.121/.122 on Windows. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi should apply the corresponding fixes as soon as their vendors ship them.
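The check a practitioner wants after reading the advisory is whether an installed build is at or past the fixed version. The C program below is an added example, not code from the page: the fixed version 107.0.5304.121 comes from the text, while the function names and the sample version strings are constructed. It also shows why the comparison has to be numeric per component; a plain string compare sorts patch level 99 after 121 and reports an unpatched build as fixed.

```c
#include <stdio.h>
#include <string.h>

/* First fixed build for CVE-2022-4135, from the advisory. The Windows build
 * 107.0.5304.122 differs only in the last component and passes as well. */
#define FIXED_VERSION "107.0.5304.121"

/* Parses "major.minor.build.patch" into four numbers. Returns 0 on success,
 * -1 if the string does not consist of exactly four dotted fields. */
static int parse_version(const char *s, unsigned v[4])
{
    char trailing;
    int n = sscanf(s, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &trailing);
    return n == 4 ? 0 : -1;   /* n == 5 means junk after the version */
}

/* Component-wise comparison: <0, 0 or >0 like strcmp, but numeric. */
static int version_cmp(const unsigned a[4], const unsigned b[4])
{
    for (int i = 0; i < 4; i++)
        if (a[i] != b[i])
            return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* 1 if `installed` already carries the fix, 0 if it is older, -1 if the
 * string could not be parsed. */
int chrome_has_fix(const char *installed)
{
    unsigned inst[4], fixed[4];
    if (parse_version(installed, inst) != 0 || parse_version(FIXED_VERSION, fixed) != 0)
        return -1;
    return version_cmp(inst, fixed) >= 0 ? 1 : 0;
}

/* The tempting shortcut, kept only to show its failure mode: strcmp compares
 * characters, so "107.0.5304.99" sorts after "107.0.5304.121". */
int naive_strcmp_has_fix(const char *installed)
{
    return strcmp(installed, FIXED_VERSION) >= 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, as an inventory script might collect them. */
    const char *samples[] = {
        "106.0.5249.119", "107.0.5304.110", "107.0.5304.99",
        "107.0.5304.121", "107.0.5304.122", "108.0.5359.71", "107.0.5304",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s numeric: %2d   strcmp: %d\n", samples[i],
               chrome_has_fix(samples[i]), naive_strcmp_has_fix(samples[i]));
    return 0;
}
```

The version string itself comes from `chrome://version`, or on Linux from `google-chrome --version`; feed that output to `chrome_has_fix` and treat anything other than 1 as needing attention.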