Google has patched a vulnerability in the desktop version of Chrome and has advised users to update their browsers. On November 22, 2022, Clement Lecigne of Google’s Threat Analysis Group discovered a high-severity flaw tracked as CVE-2022-4135. The vulnerability reportedly affects the desktop version of the Google Chrome browser. CVE-2022-4135 is the eighth Chrome zero-day vulnerability reported as exploited in attacks this year.
The Threat Analysis Group described the vulnerability as a “heap buffer overflow in GPU.” To protect their browsers from being exploited by attackers, users are advised to install the latest security patch on their Chrome installation. The company has shared a report about the vulnerability and some mitigation techniques one can use to protect against zero-day exploits.
Google Chrome CVE-2022-4135 explained
According to the reports, CVE-2022-4135 is a heap buffer overflow issue: data is written past the end of a heap-allocated buffer into forbidden (usually adjacent) memory locations without a bounds check. Attackers can use such an overflow to overwrite an application’s memory and change its execution path. Once the execution path is under their control, they can access data or achieve unauthorized code execution.
Because a buffer overflow lets code run outside its intended memory blocks, attackers could use this vulnerability to introduce their own code into a process the browser uses. If an outside entity could trigger the overflow, they could take advantage of the altered execution path and take control of the data shared and stored on the victim’s networks.
The search engine giant did not directly disclose how or where the vulnerability could be exploited. However, researchers believe the security bug stems from memory mismanagement, which makes it more dangerous: it could lead to remote code execution followed by remote malware installation and further impact on users and their data.
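To illustrate the mechanism described above (a copy with no bounds check spilling into the adjacent field of a heap object, and the hardened check that refuses it), here is a small C example added to this article; it is not code from Chrome or related to the actual GPU component, and the record layout, field names and 32-byte input are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical heap object: a fixed-size buffer immediately followed by a
 * field the program later trusts (constructed layout for illustration). */
struct record {
    char buf[16];          /* fixed-capacity data buffer */
    unsigned int trusted;  /* adjacent field: corrupted if buf overflows */
};

/* Defective pattern: copies whatever length the caller supplies with no
 * bounds check, so src_len > sizeof buf spills into the adjacent field. */
int unchecked_copy(struct record *r, const char *src, size_t src_len)
{
    for (size_t i = 0; i < src_len; i++)
        r->buf[i] = src[i];        /* heap buffer overflow when src_len > 16 */
    return 0;
}

/* Hardened pattern: validate the length against the buffer capacity and
 * reject oversized input. Returns 0 on success, -1 if rejected. */
int checked_copy(struct record *r, const char *src, size_t src_len)
{
    if (src == NULL || src_len > sizeof r->buf)
        return -1;
    memcpy(r->buf, src, src_len);
    return 0;
}

/* Test helper: allocate a fresh record, mark the trusted field, run the
 * given copy routine with a constructed 'A'-filled input of src_len bytes,
 * and report whether the adjacent field survived (1 intact, 0 corrupted). */
int adjacent_field_intact(int (*copy)(struct record *, const char *, size_t),
                          size_t src_len)
{
    char src[32];
    memset(src, 'A', sizeof src);          /* constructed input */
    struct record *r = calloc(1, sizeof *r);
    if (r == NULL || src_len > sizeof src) { free(r); return -1; }
    r->trusted = 7;
    copy(r, src, src_len);
    int intact = (r->trusted == 7);
    free(r);
    return intact;
}

int main(void)
{
    printf("unchecked, 20 bytes: intact=%d\n", adjacent_field_intact(unchecked_copy, 20));
    printf("checked,   20 bytes: intact=%d\n", adjacent_field_intact(checked_copy, 20));
    return 0;
}
```

In the stand-alone run the unchecked copy reports the adjacent field as corrupted (its bytes now hold 0x41), while the checked copy rejects the input and leaves it untouched.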
As for mitigation, Chrome users are advised to update to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which fixes CVE-2022-4135. To update to the latest security patch, open the Chrome browser and navigate to Settings > About Chrome. Once there, check for a new version of the browser and update by following the on-screen instructions.