Google has released an important update to the Chrome web browser that fixes another zero-day vulnerability.
The high-severity flaw has been in existence since 2022 and has been misused by attackers. It is tracked as CVE-2022-4135, and Google describes it as a heap buffer overflow in GPU. A heap buffer overflow is a type of buffer overflow attack in which data in the heap is overwritten to exploit some aspect of the program.
The vulnerability was reported on November 22 this year by Clement Lecigne of Google’s Threat Analysis Group. The tech giant released the fix on November 24 via a blog post.
“Google is aware that an exploit for CVE-2022-4135 exists in the wild”, it says. As announced by Google in the blog post, the stable channel for the Google Chrome web browser has been updated to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows.
The Chrome GPU process is used to handle graphics and visual processing. Every page viewed in Google Chrome is rendered in a “sandbox”, a mechanism that isolates it from the rest of the computer and prevents malicious web content from affecting anything outside the browser tab, such as the files on your computer. In a sandbox escape, an attacker has found a way to escape the confines of the sandbox and reach the system beyond it.
Chrome users should ensure they are running the latest versions of the browser.
The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.
However, you can end up lagging behind the most recent version if you never close the browser, or if something goes wrong—such as an extension stopping the update.
In Chrome, open the page chrome://settings/help, which you can also find by clicking Settings > About Chrome.
If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.
After the update, the version should be 107.0.5304.121 or later.
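For anyone checking more than one machine, the "107.0.5304.121 or later" test has to compare version parts as numbers, because a plain string comparison ranks 107.0.5304.99 above 107.0.5304.121. The following is an added example, not part of the original article; the host names and version strings in the inventory are constructed sample data in the shape of Chrome's version line.

```python
import re

# Fixed Stable build named in the article (Mac/Linux; Windows got .121/.122).
FIXED = (107, 0, 5304, 121)

# Chrome versions have four dot-separated numeric parts.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(text, fixed=FIXED):
    """True or False when a version is found, None when the text is unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuples of ints compare part by part, numerically.
    return version >= fixed


def audit(inventory):
    """Map each host to 'patched', 'needs update' or 'unknown'."""
    labels = {True: "patched", False: "needs update", None: "unknown"}
    return {host: labels[is_patched(line)] for host, line in inventory.items()}


# Constructed inventory: host name -> reported version line.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 107.0.5304.121 ",
    "ws-02": "Google Chrome 107.0.5304.110",
    "ws-03": "Google Chrome 107.0.5304.99",   # string compare would pass this
    "ws-04": "Google Chrome 108.0.5359.71",
    "ws-05": "chrome: command not found",     # no version reported
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed to be up to date.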