Google releases an urgent Chrome upgrade

Google releases an urgent Chrome upgrade

In order to patch the eight zero-day vulnerabilities in its Chrome web browser, Google released software updates on 24th November 2022.

The high severity vulnerability, identified as CVE-2022-4135, has been described as a heap buffer overflow in the GPU component. On November 22, 2022, Clement Lecigne of Google’s Threat Analysis Group (TAG) is credited with discovering the vulnerability.

Threat actors may use heap-based buffer overflow bugs as weapons to execute arbitrary code or crash a program, resulting in undesirable behavior. The vulnerability might allow a “remote attacker who had infiltrated the renderer process to potentially conduct a sandbox escape via a forged HTML page,” according to the NIST’s National Vulnerability Database.

“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” said google in their advisory.

Since the beginning of the year, Google has fixed eight zero-day vulnerabilities in Chrome with the most recent release.

Technical details, however, have been kept until the majority of users have been updated with a remedy and to stop future exploitation, similar to other actively exploited flaws.

To reduce potential dangers, users are advised to update to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows. As soon as the solutions become available, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are encouraged to install them.

Source