Recently, Google pushed out an emergency security update for the desktop version of its Google Chrome browser; well, this is the eighth Zero-day vulnerability that Google has addressed this year.
A Zero-day venerability is a weakness in a system or app that has been discovered by the Attacker/Hacker though it is still unknown to the developer so is called Zero-day because once the hacker detects the vulnerability the developer/software company essential has zero-day to fix the vulnerability before it gets exploited.
The high-security flaw is being tracked as CVE-2022-4135; it’s a heap buffer overflow in GPU, which was discovered by Clement Lecigne of Google Threat Analysis Group. Well, for those who don’t know – Heap buffer overflow is a memory vulnerability that results in data being overwritten to a barred location without check.
In a notice update, the search engine giant said that it is aware that the vulnerability exists in the wild. Also, as users need time to apply the security update to their Chrome browsers, the company has refused to give details about the vulnerability to prevent its malicious exploitation further!
Access to bug details and links may be kept restricted until a majority of users are updated with a fix, and we will also retain restrictions if the bug exists in a third-party library that other project similarly depends on but haven’t fixed it yet. said the company
hackers may use heap buffer overflow to overwrite an application’s memory to exploit its execution path, which results in unrestricted information access to arbitrary code execution. Google Chrome users are recommended to upgrade to version 107.0.5304.121 for Windows and 107.0.5304.122 for Mac and Linux; this addresses the CVE-2022-4135 vulnerability.
So to update your Chrome browser to the latest version, go to Settings & then About Google and now all you gotta do is wait for the latest update to finish > Restart Google Chrome.
Google Chrome update 107.0.5304.121 and 107.0.5304.122 fixes this eighth exploit, a Zero-day vulnerability
These are Zero days vulnerability Google faced this year.
- CVE-2022-0609 – Febuary 14th
- CVE-2022-1096 – March 25th
- CVE-2022-1364 – April 14th
- CVE-2022-2294 – July 4th
- CVE-2022-2856 – August 17th
- CVE-2022-3075 – September 2nd
- CVE-2022-3723- October 28th
Moreover, these vulnerabilities are exploited by sophisticated hackers who use them for highly targeted attacks. Thereby, all Google Chrome users are firmly advised to update their to update Chrome browser to stop the possible exploit.