The eighth zero-day vulnerability utilized in assaults this yr has been fastened by Google in an emergency safety improve for the desktop model of the Chrome net browser.
This high-severity zero-day vulnerability is tracked as CVE-2022-4135, a Heap buffer overflow in GPU. The safety flaw was recognized by Clement Lecigne of Google’s Risk Evaluation Group on November 22, 2022.
A heap overflow is a type of buffer overflow; it occurs when a piece of reminiscence is allotted to the heap and knowledge is written to this reminiscence with none sure checking being carried out on the information.
Therefore, risk actors might manipulate the execution path of an software by overwriting its reminiscence utilizing a heap buffer overflow, resulting in arbitrary code execution or unrestricted info entry.
Google’s Emergency Replace
In keeping with Google’s replace discover, the Steady channel has been up to date to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Home windows, which is able to roll out over the approaching days/weeks.
 “Entry to bug particulars and hyperlinks could also be saved restricted till a majority of customers are up to date with a repair. We may even retain restrictions if the bug exists in a third-party library that different tasks equally rely on, however haven’t but fastened”, Google
To replace Chrome, head to Settings → About Chrome → Anticipate the obtain of the most recent model to complete → Restart this system.
“Google is conscious that an exploit for CVE-2022-4135 exists within the wild”, Google mentioned in a launch be aware.
Zero-day Vulnerability Fastened In 2022
Google has launched Chrome 107.0.5304.121/122 which fixes the eighth actively exploited zero-day vulnerability. The earlier seven zero-day fixes embody:
So as to purchase unrestricted entry to delicate knowledge, hackers regularly use these flaws in extremely focused assaults.
Thus, Google urged customers to replace their Chrome net browser straight away to protect in opposition to exploitation.
Penetration Testing As a Service – Obtain Crimson Crew & Blue Crew Workspace
