Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.
“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” reads the update notice.
As users need time to apply the security update on their Chrome installations, Google has withheld details about the vulnerability to prevent expanding its malicious exploitation.
In general, heap buffer overflow is a memory vulnerability resulting in data being written to forbidden (usually adjacent) locations without check.
Attackers may use heap buffer overflow to overwrite an application’s memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution.
Chrome users are recommended to upgrade to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux.
To update Chrome, head to Settings → About Chrome → Wait for the download of the latest version to finish → Restart the program.
Chrome’s eighth zero-day fix in 2022
Chrome version 107.0.5304.121/122 fixes the eighth actively exploited zero-day vulnerability this year, indicating the high interest of attackers against the widely used browser.
Nevertheless, all Chrome users are strongly advised to update their web browsers as soon as possible to block potential exploitation attempts.