Security experts urge Chrome users to patch new zero-day exploit immediately
What just occurred? Google just launched an crisis safety update to patch a newly found vulnerability in the Chrome web browser. The buffer overflow-based mostly exploit was identified by Clément Lecigne, a member of the Google Risk Evaluation Group (TAG). Google acknowledged the problem and pledged to withhold even more aspects about the vulnerability right until the patch has been commonly deployed.
The new vulnerability, categorized as CVE-2022-4135, is a heap buffer overflow difficulty in the GPU that can consequence in malicious actors gaining unauthorized obtain to information and facts, induce application instability, or potentially offer permission to execute arbitrary code on the goal device.
Google’s TAG acknowledged the vulnerability in a latest stable channel update that was deployed to prevent even further exploitation. Google engineers current secure channel 107..5304.121 for Mac and Linux methods as properly as channel 107..5304.121/.122 for Home windows-primarily based devices. A checklist of all related updates and release notes can be located in Chromium’s launch logs.
The obtaining marks the computer software giant’s eighth zero-working day vulnerability of 2022. Previously patched vulnerabilities involved:
The heap overflow can offer attackers with the capacity to augment useful pointers inside of an software, as a substitute pointing them toward arbitrarily deployed destructive code. The condition is the consequence of a buffer overwrite in the heap portion of a system’s memory.
Google’s decision not to right away share the exploit’s facts is a regular exercise intended to reduce the vulnerability’s use and affect. By slowing the comprehension and awareness of the vulnerability’s particulars, users have much more time to patch and update their browsers just before the exploit can be leveraged. It also offers builders of closely applied 3rd-occasion libraries with the skill to patch the vulnerability, further more limiting exploitability.
“Entry to bug specifics and backlinks could be saved limited until a bulk of buyers are updated with a deal with. We will also retain limits if the bug exists in a 3rd-bash library that other initiatives in the same way count on, but haven’t nevertheless mounted.” – Prudhvikumar Bommana
Chrome customers are advised to update their browsers as soon as probable and really should observe any other Chromium-dependent browsers for similar updates at the time introduced.
