Chrome Zero-Day Flaw Actively Exploited in the Wild – Google Emergency Update!!

The Chrome web browser for desktops recently received an emergency security update to address a zero-day vulnerability that has been found to be actively exploited in the wild.

As part of this emergency security update, Google has patched the eighth zero-day vulnerability in the Chrome web browser this year in 2022.

This high-severity zero-day vulnerability has been assigned the CVE-2022-4135 identifier. On November 22, 2022, a security expert from Google’s Threat Analysis Group, Clement Lecigne identified this security flaw.

Several version updates have been made to the Stable channel, including:-

EHA
  • 107.0.5304.121/.122 for Windows
  • 107.0.5304.121 for Mac
  • 107.0.5304.121 for Linux

As a result, Google has released Chrome 107.0.5304.121. And following are the platforms for which this new version has been released:-

  • Windows
  • Mac
  • Linux

Flaw Profile

  • CVE ID: CVE-2022-4135
  • Description: This flaw is a heap buffer overflow in GPU.
  • Severity: HIGH
  • Reported: 2022-11-22

As a result of a heap buffer overflow, data can be written to forbidden locations without any checks being made by the system. However, for now, Google has not released any key and technical details regarding this zero-day flaw. 

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

While Google decided to detain this information in an attempt to give users more time to apply this emergency security update and prevent any further exploitation of this flaw.

Threat actors may be able to manipulate the execution path of an application by exploiting heap buffer overflows in order to overwrite the memory of the application.

“Google is aware that an exploit for CVE-2022-4135 exists in the wild”, Google said in a release note.

Zero-day Flaw Fixed in 2022

Here below we have mentioned all the zero-day flaws that are fixed in 2022:-

Hackers typically exploit these flaws in highly targeted attacks in order to gain unfettered access to sensitive data.

Update Now

Users were strongly recommended by Google to update their Chrome web browser immediately to prevent exploitation. In order to update the Chrome web browser you have to follow a few simple steps that we have mentioned below:-  

  • First of all, go to the Settings option.
  • Then select About Chrome.
  • Now you have to wait, as Chrome will automatically fetch and download the latest update.
  • Then wait for the latest version to be installed.
  • Once the installation process completes, now you have to restart Chrome.
  • That’s it, now you are done.

SWG – Secure Web Filtering – Download Free E-book

BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.