Google unveiled new software program patches on Thursday to tackle a new zero-working day vulnerability in its Chrome web browser.
Writing in a security bulletin, the tech huge explained the significant-severity vulnerability (tracked CVE-2022-4135) as a heap buffer overflow in the graphics processing device (GPU) ingredient.
Google attributed the discovery of the vulnerability to Clement Lecigne from its Danger Investigation Team (TAG), expressing the researcher manufactured the discovery on November 24.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The new vulnerability marks the eighth zero-day set by Google for the desktop model of the Chrome web browser.
The company is recommending users upgrade to model 107..5304.121/.122 for Windows and 107..5304.121 for Mac and Linux. Chromium-based browsers like Microsoft Edge, Brave, Opera and Vivaldi ought to also be updated to implement the fixes as and when they develop into readily available.
Google is also now withholding particulars about the vulnerability to protect against increasing its malicious exploitation.
Although the total scope of the exploit is at this time not known, this kind of vulnerability can typically enable danger actors to corrupt data and remotely execute code on a victim’s device.
In actuality, according to the US government’s National Institute of Expectations and Technology (NIST) company, CVE-2022-4135 makes it possible for a “remote attacker who experienced compromised the renderer method to perhaps conduct a sandbox escape through a crafted HTML website page.”
Patches for the vulnerability must be used routinely. If that is not the situation simply because of program configurations, end users can enhance their Chrome browser by clicking on the 3 vertical dots in the upper-suitable corner and navigating to ‘Help’ and then ‘About Google Chrome.’
The browser will then automatically examine for and obtain the most up-to-date develop (107..5304.121) and prompt consumers to restart their browser.
Some of the other zero-working day Chrome vulnerabilities found by Google this yr incorporate the CVE-2022-2294, which the company patched in July.
Some parts of this write-up are sourced from:
www.infosecurity-magazine.com
Remote Code Execution Vulnerability Found in Windows Internet Key Exchange