Google is rolling out an emergency security patch for its Chrome web browser on desktop. The rapid response is prompted by a zero-day vulnerability in the browser that has been exploited. While Chrome is usually a very secure browser, Google admits it is seeing more zero-days in 2022. In fact, this is the eighth such vulnerability that has been exploited this year.

Google is tracking the vulnerability as CVE-2022-4135 and describes it as a heap buffer overflow in the GPU. In the latest update, the company admits that an exploit for the flaw now exists in the wild:

“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” the company says.

No Details

However, Google is not releasing specifics of the issue or what causes it at the moment. The restraint is meant to avoid making it easier for threat actors to exploit the flaw and target Chrome users:

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

To avoid this problem, Google Chrome users on Windows can update the browser to version 107.0.5304.121/122. Mac and Linux users can upgrade to version 107.0.5304.122. To do that, open Chrome, navigate to Settings > About Chrome, wait for the download of the latest version to finish, and restart the program.
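For anyone checking more than one machine, the version numbers above can be turned into a simple audit. The following is an added example, not code from Google or from this article; the inventory format, the hostnames and the platform labels are assumptions, and the sample rows are constructed.

```python
# Added example: flag Chrome installs older than the builds named in the article.
# The inventory rows below are constructed sample data, not real hosts.

# Minimum fixed build per platform, taken from the article text.
# The platform labels ("windows", "mac", "linux") are an assumed convention.
FIXED_BUILDS = {
    "windows": (107, 0, 5304, 121),
    "mac": (107, 0, 5304, 122),
    "linux": (107, 0, 5304, 122),
}

def parse_version(text):
    """Turn '107.0.5304.110' into (107, 0, 5304, 110); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def needs_update(platform, version_text):
    """True if the install is below the fixed build, or cannot be assessed."""
    fixed = FIXED_BUILDS.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return True  # unknown platform or unparseable version: treat as unpatched
    # Tuple comparison is numeric per field, so 99.x sorts below 107.x
    # (a plain string comparison would get that wrong).
    return version < fixed

def audit(inventory):
    """Return the hostnames that still need the update, in input order."""
    return [host for host, platform, ver in inventory if needs_update(platform, ver)]

# Constructed inventory: (hostname, platform, reported Chrome version).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "107.0.5304.121"),
    ("ws-002", "windows", "107.0.5304.107"),
    ("mb-003", "mac", "107.0.5304.121"),
    ("lx-004", "linux", "107.0.5304.122"),
    ("ws-005", "windows", "108.0.5359.71"),
    ("lx-006", "linux", "99.0.4844.84"),
    ("ws-007", "windows", "unknown"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(host, "needs update")
```

Hosts whose version cannot be parsed are reported as needing the update so that they get looked at rather than silently passed.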
