Yet another Chrome “zero-day” vulnerability was patched by Google, the 8th for 2022.
The tech giant released security updates to address a new zero-day vulnerability impacting the Chrome web browser.
The vulnerability, tracked as CVE-2022-4135, is being actively exploited by threat actors and is a heap buffer overflow in the GPU component. An attacker can exploit the heap buffer overflow to potentially gain arbitrary code execution on systems running vulnerable versions of the browser.
“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” the company noted in an advisory without delving into technical specifics about how the security vulnerability was used in attacks or the threat actors that may have weaponized it.
Chrome New Version Release
Google fixed the zero-day with the release of version 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which the company plans to roll out over the coming days/weeks.
Users are strongly advised to update their Chrome web browsers as soon as possible by going into Chrome menu > Help > About Google Chrome to prevent exploitation attempts.
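For administrators who need to check more than one machine, the following added example (not from Google's advisory or from this article's author) classifies collected Chrome version strings against the fixed build 107.0.5304.121 named above. The host names and the sample inventory are constructed for illustration, and the input is assumed to be text such as the output of `google-chrome --version`.

```python
import re

# Fixed build from the article: 107.0.5304.121 (Mac/Linux), .121/.122 (Windows).
# Using .121 as the threshold covers all three platforms.
FIXED = (107, 0, 5304, 121)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no parsable version: needs manual follow-up
    # Tuples compare numerically field by field, so .99 < .121 as intended.
    # A plain string comparison would wrongly rank "…5304.99" above "…5304.121".
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each host to its status given {host: reported version text}."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts, illustrative version strings).
SAMPLE = {
    "linux-01": "Google Chrome 107.0.5304.121",
    "linux-02": "Google Chrome 107.0.5304.99",
    "win-01": "107.0.5304.122",
    "mac-01": "Google Chrome 106.0.5249.119",
    "win-02": "Google Chrome 108.0.5359.71",
    "kiosk-01": "sh: google-chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:10} {status}")
```

Hosts reported as unknown should be treated as unverified rather than patched.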
Chrome Zero-Day Vulnerabilities for 2022
The CVE-2022-4135 vulnerability is the eighth actively exploited Chrome zero-day addressed by Google this year. Below is the list of the other zero-days fixed by the tech giant:
- CVE-2022-3723 (October 28) – Type confusion issue that resides in the V8 JavaScript engine
- CVE-2022-3075 (September 2) – Insufficient data validation in the Mojo collection of runtime libraries
- CVE-2022-2856 (August 17) – Insufficient validation of untrusted input in Intents
- CVE-2022-2294 (July 4) – Heap buffer overflow in the Web Real-Time Communications (WebRTC) component
- CVE-2022-1364 (April 14) – Type confusion issue that resides in the V8 JavaScript engine
- CVE-2022-1096 (March 25) – Type confusion in the V8 JavaScript engine
- CVE-2022-0609 (February 14) – Use-after-free issue that resides in the Animation component
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.