HomeTechnologyComputingGoogle releases emergency Chrome fix for zero-day bug

Google releases emergency Chrome fix for zero-day bug

Google has released emergency patches to close a security hole it says is being actively exploited in the wild in its Chrome web browser.

According to the company, the Stable channel has been updated to version 107.0.5304.121 for Mac and Linux, and to version 107.0.5304.121/.122 for Windows. These updates will roll out to all users in the coming days or weeks.

The security vulnerability addressed by the latest update is CVE-2022-4135, a very serious heap buffer overflow weakness in the GPU.

Google credited Clement Lecigne of its Threat Analysis Group with discovering the flaw on November 22, 2022.

Google says it is aware of an exploit for CVE-2022-4135 that exists in the wild. However, the company did not provide technical details about how the vulnerability was used in attacks or the threat actors that may have weaponized it.

Until a patch is available for the vast majority of users, access to bug information and links may remain limited, the company said.

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but have not yet been fixed,” it added.

Attacks targeting heap buffer overflow bugs in Chrome’s GPU could lead to unrestricted information access or arbitrary code execution. Malicious people can use such vulnerabilities to install unwanted software on PCs.

Install last Chrome updateusers need to go to Settings -> About Chrome -> Wait for the latest version to finish downloading and -> Restart the program.

CVE-2022-41 is the eighth zero-day Chrome bug exploited by malicious actors in attacks this year.

Must Read
AI In Healthcare Still Has A Long Journey Ahead

The previous seven zero days are:

  • CVE-2022-3723
  • CVE-2022-3075
  • CVE-2022-2856
  • CVE-2022-2294
  • CVE-2022-1364
  • CVE-2022-1096
  • CVE-2022-0609

CVE-2022-3723, which was fixed by Google last month, is a very serious type confusion bug in the Chrome V8 JavaScript engine. The vulnerability was discovered and reported to Google by Avast analysts.

CVE-2022-3075, which was addressed in September, was described as an insufficient data validation issue in Mojo, a collection of runtime libraries that provide a cross-platform mechanism for inter-process communication (IPC).

Sophisticated hackers usually take advantage of zero-day bugs and deploy them in highly targeted attacks.

To prevent abuse, all Chrome users should upgrade their web browsers as soon as the makers release updates.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments