Google Releases Emergency Security Update to Address Zero-Day Vulnerability
November 25, 2022
Google has released an emergency security update for the desktop version of the Chrome web browser to address a zero-day vulnerability, tracked as CVE-2022-4135, that is actively exploited. The vulnerability is a heap buffer overflow issue in GPU, reported by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022.
Google has not shared technical details about the vulnerability in order to allow users to update their Chrome installations. However, they have stated, “Google is aware that an exploit for CVE-2022-4135 exists in the wild.” An attacker can exploit the heap buffer overflow to potentially gain arbitrary code execution on systems running vulnerable versions of the browser.
Google fixed the zero-day with the release of version 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which the company plans to roll out over the coming days/weeks. This is the eighth actively exploited Chrome zero-day addressed by Google this year. Access to bug details and links may be kept restricted until a majority of users are updated with a fix, as stated by Google, “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Chrome users are recommended to update their installations as soon as possible to neutralize attacks attempting to exploit the zero-day.
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.