Google Releases Chrome Patch to Fix New Zero-Day Vulnerability

Google released new software patches on Thursday to address a new zero-day vulnerability in its Chrome web browser.

Writing in a security bulletin, the tech giant described the high-severity vulnerability (tracked as CVE-2022-4135) as a heap buffer overflow in the graphics processing unit (GPU) component.

Google attributed the discovery of the vulnerability to Clement Lecigne from its Threat Analysis Group (TAG), saying the researcher made the discovery on November 24.

The new vulnerability marks the eighth zero-day fixed by Google for the desktop version of the Chrome web browser.

The company is recommending users upgrade to version 107.0.5304.121/.122 for Windows and 107.0.5304.121 for Mac and Linux. Chromium-based browsers like Microsoft Edge, Brave, Opera and Vivaldi should also be updated to apply the fixes as and when they become available.

Google is also currently withholding details about the vulnerability to limit further malicious exploitation.

While the full scope of the exploit is currently unknown, this type of vulnerability can typically enable threat actors to corrupt data and remotely execute code on a victim’s machine.

In fact, according to the US government’s National Institute of Standards and Technology (NIST), CVE-2022-4135 allows a “remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

Patches for the vulnerability should be applied automatically. If that’s not the case because of system settings, users can upgrade their Chrome browser by clicking on the three vertical dots in the upper-right corner and navigating to ‘Help’ and then ‘About Google Chrome.’

The browser will then automatically check for and download the latest build (107.0.5304.121) and prompt users to restart their browser.
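For administrators who need to confirm the update across many machines, the following added example (not from Google's bulletin or the original article) checks reported Google Chrome version strings against the fixed build 107.0.5304.121 named above. The hostnames and the sample versions are constructed, and the check applies to Google Chrome only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Fixed build named in the article (Windows also received .122).
PATCHED = (107, 0, 5304, 121)

def parse_version(text):
    """Return a 4-tuple of ints from a Chrome version string, or None.

    Accepts a bare version or the "Google Chrome <version>" form that
    `google-chrome --version` prints.
    """
    m = re.fullmatch(r"\s*(?:Google Chrome\s+)?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(version_text):
    """True if at or above the fixed build, False if below, None if unparseable."""
    version = parse_version(version_text)
    return None if version is None else version >= PATCHED

def audit(inventory):
    """Group hosts into 'patched', 'vulnerable' and 'unknown'."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        status = is_patched(version_text)
        if status is None:
            report["unknown"].append(host)   # treat as needing manual review
        elif status:
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report

# Constructed sample inventory: hypothetical hosts, illustrative versions.
SAMPLE = [
    ("ws-01", "107.0.5304.121"),
    ("ws-02", "Google Chrome 107.0.5304.122"),
    ("ws-03", "107.0.5304.99"),   # a plain string comparison ranks this above .121
    ("ws-04", "106.0.0.0"),
    ("ws-05", "108.0.0.0"),
    ("ws-06", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Comparing the components as integers matters here: compared as text, "107.0.5304.99" sorts after "107.0.5304.121" and an unpatched host would be reported as safe.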

Some of the other zero-day Chrome vulnerabilities discovered by Google this year include CVE-2022-2294, which the company patched in July.