This 2022 is not the best year for the Chrome browser in terms of security vulnerabilities. “Zero-day vulnerabilities” are particularly dangerous because they are flaws that are not detected by developers and can therefore be profitably exploited by hackers.
In the last few days we have known a new zero-day vulnerability affecting Chromeprecisely because Google itself has just released the relevant patch to fix the problem that is affecting PC and Mac users.
The CVE-2022-4135 vulnerability is related to a buffer overflow and there is already an exploit that takes advantage of this flaw.
The vulnerability in question has been cataloged with the identifier CVE-2022-4135and while Google hasn’t given many details about it, we know it’s related a stacked buffer overflow on the GPU as indicated by Bleeding computer.
The bug was discovered on November 22, 2022 by Clement Lecigne of the Google Threat Analysis Group. Buffer overflows often allow attackers to access normally inaccessible memory locations.
Saying it like that might seem like a small thing, but for practical reasons it can mean that the hacker can ultimately gain control of our device to do with it as he pleases (and that’s certainly not a good thing).
in the the note published by Google That is also claimedGoogle is aware that an exploit for CVE-2022-4135 exists and is public‘, meaning that there are already threats that take advantage of this omission.
The latest Google update includes a patch that addresses the CVE-2022-4135 vulnerability, so it is highly recommended that we update our browser if we haven’t already.
If you have a PC or Mac computer, take a look at the Chrome browser and see if this is the case updated to version 107.0.5304.121 (or higher).
If you have an older version, the browser should update automatically by opening Chrome and going to Help -> About Google Chrome. After the update, restart the browser and that’s it.
You might be interested in:
See you in the next post!