
Google rolls out patch for high-severity Chrome browser zero day

November 25, 2022


Google has patched a zero-day vulnerability in its Chrome browser, the eighth of its kind this calendar year. 

The vulnerability was caused by a “heap buffer overflow in GPU”, Google said. These kinds of vulnerabilities can allow attackers to modify the data stored in the application’s heap, potentially altering what data the Chrome browser outputs.


The exploitation of buffer overflow flaws could also lead to general data corruption inside the application, or the manipulation of the Chrome browser’s internal structures.

It has been assigned a severity rating of ‘high’, although a specific CVSSv3 score has not yet been published.

‘High’ severity ratings typically indicate a score in the range of 7.0-8.9 – the second-highest severity classification on the widely used metric.

Google assigned the vulnerability a CVE for vulnerability tracking and management (CVE-2022-4135) and released the new stable channel version of Google Chrome on Thursday across Windows, macOS, and Linux.

Google said it will be keeping more detailed information on the vulnerability under wraps until more users have had time to install the update.

It will also refrain from releasing further details if the Google Chrome team finds the issue to be present in a third-party library on which other programs depend, for example, at least until that library also releases a fix.

The vulnerability was discovered by Clement Lecigne, security engineer at Google’s Threat Analysis Group – its security team mostly dedicated to countering government-backed hacking efforts – and Google gave no indication that the vulnerability has been actively exploited in the wild.

CVE-2022-4135 marks the eighth zero-day vulnerability identified in Google Chrome since the start of 2022 and the second zero-day caused by a heap buffer overflow.

Three of the eight zero-days affecting the world’s most popular browser were caused by flaws in Google’s proprietary and open-sourced V8 JavaScript engine.

Because other major browsers, such as Microsoft Edge, Opera, Vivaldi, and others, also run on Chromium, these were also vulnerable because they too relied on Google’s V8 engine.

The full list of Google Chrome zero-day vulnerabilities identified in 2022 can be found below:

  • CVE-2022-3723 
  • CVE-2022-3075 
  • CVE-2022-2856 
  • CVE-2022-2294 
  • CVE-2022-1364 
  • CVE-2022-1096
  • CVE-2022-0609 

Some components of this post are sourced from:
www.itpro.co.uk
