Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.
Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.
Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.
“Google is informed that an exploit for CVE-2022-4135 exists in the wild,” the tech giant acknowledged in an advisory.
But as with other actively exploited issues, technical specifics have been withheld until a majority of users are updated with a fix, and to prevent further abuse.
With the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year:
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Insufficient validation of untrusted input in Intents
- CVE-2022-3075 – Insufficient data validation in Mojo
- CVE-2022-3723 – Type confusion in V8
Users are advised to upgrade to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.