Google Releases Emergency Chrome Update Fixing Zero-Day Vulnerability
Google has released an emergency security update for the desktop version of the Chrome web browser that fixes a zero-day vulnerability used in attacks this year.
The high-severity vulnerability is tracked as CVE-2022-4135 and is a GPU heap overflow bug. Such a bug allows data to be written to forbidden memory locations without verification. Attackers can use it to overwrite the application's memory and manipulate how the application executes. This leads to unrestricted access to information and makes it possible to execute arbitrary code.
The vulnerability was discovered on November 22 by Clement Lecigne of the Google Threat Intelligence Team. It is already being exploited by hackers.
Because users need time to apply the update, Google has yet to release details about the vulnerability.
Chrome users are advised to update to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux. To do this, go to "Settings" → "About Chrome", wait for the latest version to download, and then restart the program.
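For administrators who need to check many machines rather than one, the fixed builds listed above can be applied to an inventory export. The following is an added example, not part of the original article or any Google tooling; the inventory format, host names and sample versions are constructed for illustration.

```python
import re

# Fixed builds quoted in the article, per desktop platform.
FIXED_BUILDS = {
    "windows": (107, 0, 5304, 121),
    "mac": (107, 0, 5304, 122),
    "linux": (107, 0, 5304, 122),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints for 'MAJOR.MINOR.BUILD.PATCH', else None."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one inventory record."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    # Tuples compare numerically field by field, so 107.0.5304.99 sorts below
    # 107.0.5304.121 (a plain string comparison would get that wrong).
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Group host names by status, preserving inventory order."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return report


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "107.0.5304.121"),
    ("ws-02", "Windows", "107.0.5304.107"),
    ("mac-01", "mac", "107.0.5304.121"),
    ("lin-01", "linux", "107.0.5304.122"),
    ("lin-02", "linux", "108.0.5359.71"),
    ("ws-03", "windows", "107.0.5304.99"),
    ("kiosk-01", "linux", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have either an unlisted platform or a version string that could not be parsed and should be checked manually.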
The update fixes the eighth actively exploited zero-day vulnerability this year.
Google released the previous emergency update on October 30th. It fixed the zero-day vulnerability CVE-2022-3723 related to type confusion in the Chromium V8 JavaScript engine. This is not the first 0-day vulnerability related to the engine.