Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.
Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.
Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.
"Google is aware that an exploit for CVE-2022-4135 exists in the wild," the tech giant acknowledged in an advisory.
But like other actively exploited issues, technical details have been withheld until a majority of users are updated with a fix and to prevent further abuse.
With the latest update, Google has fixed eight zero-day vulnerabilities in Chrome since the start of the year –
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
- CVE-2022-2856 – Insufficient validation of untrusted input in Intents
- CVE-2022-3075 – Insufficient data validation in Mojo
- CVE-2022-3723 – Type confusion in V8
Users are recommended to update to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Some parts of this article are sourced from:
thehackernews.com