Google pushes emergency Chrome update to fix 8th zero-day this year

by | Nov 25, 2022 | News

Google has released an emergency security update 8th zero-day 2022

Post Views: 233

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 3 Minutes

Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.

 

The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in GPU, discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022.

“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” reads the update notice.

As users need time to apply the security update on their Chrome installations, Google has withheld details about the vulnerability to prevent expanding its malicious exploitation.

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. – Google

In general, heap buffer overflow is a memory vulnerability resulting in data being written to forbidden (usually adjacent) locations without check.

See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course

Attackers may use heap buffer overflow to overwrite an application’s memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution.

Chrome users are recommended to upgrade to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which addresses CVE-2022-4135.

To update Chrome, head to Settings → About Chrome → Wait for the download of the latest version to finish → Restart the program.

 

Chrome update screen
Chrome updated to the latest version

Trending: How to Exploit “improper error handling” in Web Applications

Trending: Recon Tool: Maigret

Chrome’s eighth zero-day fix in 2022

 

Chrome version 107.0.5304.121/122 fixes the eighth actively exploited zero-day vulnerability this year, indicating the high interest of attackers against the widely used browser.

The previous seven zero-day fixes are:

These flaws are typically leveraged by sophisticated hackers who use them in highly targeted attacks.

Nevertheless, all Chrome users are strongly advised to update their web browsers as soon as possible to block potential exploitation attempts.

Trending: Windows Kerberos authentication breaks after November updates

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This