Updated on 2022-11-25: Google Updates Chrome to Fix Zero-day
Google has updated the Chrome Stable Channel for Desktop to address a zero-day vulnerability in the browser. Google is not yet disclosing details about the heap buffer overflow in GPU, which is the eighth Chrome zero-day that Google has fixed this calendar year. The flaw “in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”
Note
- Here we go, 8th Zero-day fix for Chrome/Chromium in 2022. You know the drill. Don’t assume this got pushed over the Thanksgiving holiday: make sure it either was or is scheduled for like now. This, along with CVE-2021-35587 for Oracle Fusion Middleware, was added to the NIST KEV catalog November 28th with due dates of December 19th, which will be here soon enough.
- When will you be viewing Google Chrome as Adobe Reader? Chrome was once heralded as a very safe browser in comparison to the bugs found in the other browsers. How many Chrome vulnerabilities have we seen in the last 24 months? Is it “irrelevant” as Chrome patches itself?
Read more in
- Stable Channel Update for Desktop
- CVE-2022-4135 Detail
- Google pushes emergency Chrome update to fix 8th zero-day in 2022
- Google Patches Eighth Chrome Zero-Day of 2022
Overview: Chrome zero-day
Google has released a security update for the Chrome web browser to fix a zero-day vulnerability exploited in the wild. Google said it tracks the zero-day as CVE-2022-4135 and describes it as a heap buffer overflow in the Chrome GPU component. The vulnerability was discovered by one of the Google TAG researchers. This marks the eighth Chrome zero-day discovered this year.
Read more: Stable Channel Update for Desktop