 |
| Google releases an emergency update to fix a critical error in Chrome |
Google has released an emergency security update for the desktop version of its Chrome web browser with the goal of fixing a disclosed vulnerability that was exploited in attacks this year.
On November 22, Clément Lesain, an information security engineer working for the Threat Analysis Group at Google, discovered this very serious vulnerability, ID CVE-2022-4135, which targets GPUs.
"Google is aware that vulnerability CVE-2022-4135 is being exploited by industry," Google said in the security update notice.
Because users take the time to apply security updates to their Chrome installations, Google has withheld details about the vulnerability to prevent the malicious exploit from being amplified.
The current buffer overflow problem is believed to be in the GPU's memory, resulting in uncontrollable writing of data to limited and often contiguous memory locations.
An attacker could exploit a buffer overrun vulnerability to overwrite the application's memory in order to manipulate the execution path, resulting in unrestricted access to information or arbitrary code execution.
Chrome browser users are recommended to update to 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux. This release fixes CVE-2022-4135.
To update Chrome, users need to go to Settings, then Chrome, wait for the latest version of the browser to download, and then restart it.
It should be noted that the new Chrome version 107.0.5304.121/122 has fixed the eighth vulnerability disclosed in the year, which indicates that attackers are becoming increasingly interested in the popular browser.
The previous seven weaknesses are:
- CVE-2022-3723 - As of Oct. 28
- CVE-2022-3075 - Dated Sept. 2
- CVE-2022-2856-17 Aug
- CVE-2022-2294 - July 4th
- CVE-2022-1364-April 14
- CVE-2022-1096-25 Mar
- CVE-2022-0609 - February 14th
These vulnerabilities are often exploited by experienced hackers who use them to launch highly targeted attacks. However, all Chrome users are strongly advised to update their web browsers as soon as possible to avoid potential exploits.