Google Releases Emergency Security Update to Address Zero-Day Vulnerability

November 25, 2022

Google has released an emergency security update for the desktop version of the Chrome web browser to address a zero-day vulnerability, tracked as CVE-2022-4135, that is being actively exploited. The vulnerability is a heap buffer overflow in the GPU component, reported by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022.

Google is withholding technical details about the vulnerability to give users time to update their Chrome installations. However, the company has stated, “Google is aware that an exploit for CVE-2022-4135 exists in the wild.” An attacker can exploit the heap buffer overflow to potentially gain arbitrary code execution on systems running vulnerable versions of the browser.

Google fixed the zero-day with the release of version 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which the company plans to roll out over the coming days/weeks. This is the eighth actively exploited Chrome zero-day addressed by Google this year. According to Google, access to bug details and links may be kept restricted until a majority of users are updated with a fix. The company added, “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

Chrome users should update their installations as soon as possible to neutralize attacks attempting to exploit the zero-day.
