The highly critical vulnerability is tracked as CVE-2022-4135 and affects the GPU. It was discovered on November 22 by Clement Lecigne, an information security engineer with Google’s Threat Analysis Group.
“Google knows that the CVE-2022-4135 vulnerability is being exploited in the industry,” Google said in the security update notice.
Because users need time to apply the security update to their Chrome installations, Google has withheld details about the vulnerability to keep malicious exploitation from spreading.
The buffer overflow is said to be in GPU memory and allows data to be written to restricted, usually adjacent, memory locations without bounds checking.
Attackers may use a buffer overflow to overwrite the application’s memory and manipulate its execution path, resulting in unrestricted access to information or arbitrary code execution.
Chrome browser users are advised to upgrade to version 107.0.5304.121/122 for Windows and version 107.0.5304.122 for Mac and Linux. This release corrects CVE-2022-4135.
To update Chrome, the user must go to Settings, then “About Chrome”, then wait until the latest version of the browser is downloaded, then restart it.
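For administrators who need to confirm the fix across many machines, the following added example (not code from Google or from the original article) checks a version inventory against the fixed builds named above. The hostnames, inventory rows and function names are constructed for illustration.

```python
# Added example: audit a Chrome version inventory against the fixed builds
# named in the article. Hostnames and inventory rows are constructed.
import re

# Minimum patched build per platform, taken from the article text.
# Windows ships as .121/.122, so .121 is the lowest fixed Windows build.
PATCHED = {
    "windows": (107, 0, 5304, 121),
    "mac": (107, 0, 5304, 122),
    "linux": (107, 0, 5304, 122),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from strings such as
    'Google Chrome 107.0.5304.110'. Returns a tuple of ints or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    minimum = PATCHED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unparseable data needs a manual look, not a pass
    # Tuple comparison is numeric per field, so 5304.99 sorts below 5304.121.
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """Map each hostname to its status; rows are (host, platform, version)."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}


# Constructed sample inventory (not real hosts).
SAMPLE = [
    ("ws-001", "Windows", "Google Chrome 107.0.5304.121"),
    ("ws-002", "Windows", "107.0.5304.107"),
    ("mac-01", "Mac", "Google Chrome 107.0.5304.121"),
    ("lnx-01", "Linux", "Google Chrome 108.0.5359.71"),
    ("lnx-02", "Linux", "Google Chrome 107.0.5304.99"),
    ("kiosk-7", "Linux", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A host only counts as fixed once Chrome has been restarted, since the update procedure above ends with a relaunch of the browser.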
The new Chrome version 107.0.5304.121/122 patches the eighth vulnerability exposed this year, a sign of attackers’ increasing interest in the popular browser.
The previous seven vulnerabilities are:
- CVE-2022-3723 – October 28
- CVE-2022-3075 – September 2
- CVE-2022-2856 – August 17
- CVE-2022-2294 – July 4
- CVE-2022-1364 – April 14
- CVE-2022-1096 – March 25
- CVE-2022-0609 – February 14
These vulnerabilities are usually taken advantage of by sophisticated hackers who use them in highly targeted attacks. However, all Chrome users are strongly advised to update their web browsers as soon as possible to prevent potential exploits.