Google has patched a zero-day vulnerability in its Chrome browser, the eighth of its kind this calendar year.
The vulnerability was caused by a “heap buffer overflow in GPU”, Google said. These kinds of vulnerabilities can allow attackers to modify the data stored in the application’s heap, potentially altering what information the Chrome browser outputs.
The exploitation of buffer overflow flaws could also lead to general data corruption within the application, or the manipulation of the Chrome browser’s internal structures.
It has been assigned a severity rating of ‘high’, although a specific CVSSv3 score has not yet been released.
‘High’ severity ratings typically indicate a score in the range of 7.0-8.9 – the second-highest severity classification on the widely used metric.
Google assigned the vulnerability a CVE for vulnerability tracking and management (CVE-2022-4135) and released the new stable channel version of Google Chrome on Thursday across Windows, macOS, and Linux.
Google said it will be keeping more detailed information on the vulnerability under wraps until more users have had time to install the update.
It will also refrain from releasing further details if the Google Chrome team finds the issue to be present in a third-party library on which other programs depend, for example, at least until that library also releases a fix.
The vulnerability was discovered by Clement Lecigne, security engineer at Google’s Threat Analysis Group – its security team largely dedicated to countering government-backed hacking efforts – and Google made no indication that the vulnerability has been actively exploited in the wild.
CVE-2022-4135 marks the eighth zero-day vulnerability discovered in Google Chrome since the start of 2022 and the second zero-day caused by a heap buffer overflow.
Because other major browsers also run on Chromium, such as Microsoft Edge, Opera, Vivaldi, and others, these were also vulnerable because they too relied on Google’s V8 engine.
The full list of Google Chrome zero-day vulnerabilities discovered in 2022 can be found below: