Google has patched a zero-day vulnerability in its Chrome browser, the eighth of its kind this calendar year.
The vulnerability was caused by a “heap buffer overflow in GPU”, Google said. These kinds of vulnerabilities can allow attackers to modify the data stored in the application’s heap, potentially altering what information the Chrome browser outputs.

The exploitation of buffer overflow flaws could also lead to general data corruption inside the application, or the manipulation of the Chrome browser’s internal structures.
It has been assigned a severity rating of ‘high’, while a specific CVSSv3 score has not yet been published.
‘High’ severity ratings typically indicate a score in the range of 7.0-8.9, the second-highest severity classification on the widely used metric.
Google assigned the vulnerability a CVE for vulnerability tracking and management (CVE-2022-4135) and released the new stable channel version of Google Chrome on Thursday across Windows, macOS, and Linux.
Google said it will keep more detailed information on the vulnerability under wraps until more users have had time to install the update.
It will also refrain from releasing further details if the Google Chrome team finds the issue to be present in a third-party library on which other programs depend, for example, at least until that library also releases a fix.
The vulnerability was found by Clement Lecigne, security engineer at Google’s Threat Analysis Group, its security team primarily dedicated to countering government-backed hacking efforts, and Google gave no indication that the vulnerability has been actively exploited in the wild.
CVE-2022-4135 marks the eighth zero-day vulnerability found in Google Chrome since the start of 2022 and the second zero-day caused by a heap buffer overflow.
Three of the eight zero-days affecting the world’s most popular browser have been caused by issues in Google’s proprietary and open-sourced JavaScript V8 engine.
Because other major browsers, such as Microsoft Edge, Opera, Vivaldi, and others, also run on Chromium, these were also vulnerable since they too relied on Google’s V8 engine.
The full list of Google Chrome zero-day vulnerabilities found in 2022 can be found below:
- CVE-2022-3723
- CVE-2022-3075
- CVE-2022-2856
- CVE-2022-2294
- CVE-2022-1364
- CVE-2022-1096
- CVE-2022-0609
Some parts of this article are sourced from:
www.itpro.co.uk