Latest Cyber Security News

You are here: Home / General Cyber Security News / Google rolls out patch for high-severity Chrome browser zero day
November 25, 2022

Getty Illustrations or photos

Google has patched a zero-day vulnerability in its Chrome browser, the eighth of its kind this calendar year. 

The vulnerability was brought on by a “heap buffer overflow in GPU”, Google mentioned. These kinds of vulnerabilities can let attackers to modify the facts stored in the application’s heap, perhaps altering what details the Chrome Browser outputs.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The exploitation of buffer overflow flaws could also guide to typical facts corruption inside of the software, or the manipulation of the Chrome browser’s inner buildings.

It has been assigned a severity ranking of ‘high’ whilst a specific CVSSv3 score has not nevertheless been produced. 

‘High’ severity scores normally suggest a rating in the selection of 7.-8.9 – the second-greatest severity classification on the commonly made use of metric.

Google assigned the vulnerability with a CVE for vulnerability monitoring and administration (CVE-2022-4135) and unveiled the new steady channel variation of Google Chrome on Thursday across Windows, macOS, and Linux.

Google reported it will be maintaining extra detailed facts on the vulnerability less than wraps until eventually more users have had time to set up the update.

It will also refrain from releasing further particulars if the Google Chrome group discover the issue to be present in a third-party library on which other programs depend, for illustration, at minimum until that library also releases a fix.

The vulnerability was identified by Clement Lecigne, security engineer at Google’s Risk Assessment Group – its security workforce mostly devoted to countering governing administration-backed hacking endeavours – and Google created no sign that the vulnerability has been actively exploited in the wild.

CVE-2022-4135 marks the eighth zero-working day vulnerability identified in Google Chrome considering that the start off of 2022 and the 2nd zero-day triggered by a heap buffer overflow.

3 of the eight zero-times impacting the world’s most well known browser have been brought about by problems in Google’s proprietary and open-sourced JavaScript V8 motor. 

Due to the fact other significant browsers also operate on Chromium, these types of as Microsoft Edge, Opera, Vivaldi, and some others, these have been also vulnerable due to the fact they much too relied on Google’s V8 motor.

The total list of Google Chrome zero-working day vulnerabilities identified in 2022 can be found beneath:

  • CVE-2022-3723 
  • CVE-2022-3075 
  • CVE-2022-2856 
  • CVE-2022-2294 
  • CVE-2022-1364 
  • CVE-2022-1096
  • CVE-2022-0609 

Some components of this post are sourced from:
www.itpro.co.uk

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *