Google has released an update for a severe zero-day vulnerability, known as CVE-2022-4135, that affects its Chrome browser.
The search giant said that an exploit for the vulnerability, discovered by French security researcher Clément Lecigne, exists in the wild, which means users could be at risk.
Google said that it wouldn’t reveal much information about the nature of the vulnerability “until the majority of users have updated with a fix” and that it “will also keep the bug in check if the bug is in a third-party library that other projects similarly rely on, but hasn’t been fixed yet.”
So, what do we know?
Google was able to reveal that the vulnerability was an example of a so-called “heap buffer overflow,” which is a variety of buffer overflow where the buffer that can be overwritten is located in the “heap” portion of system memory.
The limited disclosure is likely intended to avoid “alerting” bad actors to the vulnerability before the vast majority of Google Chrome users are fully patched.
Users who want to avoid the risk of being affected are advised to update to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, both of which will be rolling out over the coming days and weeks.
Google’s flagship Chrome browser has certainly seen a steady number of vulnerabilities in recent years.
The browser currently has about 66 percent of the market share, according to data from StatCounter, and 303 vulnerabilities were discovered between January 1, 2022, and October 5, 2022, according to data from
In contrast, Safari only had 26 vulnerabilities detected in the same time period, Microsoft Edge had 103 vulnerabilities, and Mozilla Firefox came in second with 117 vulnerabilities.
This includes a zero-day vulnerability called CVE-2022-3723, revealed earlier this month, which was apparently a “type confusion flaw” affecting Chrome’s V8 JavaScript engine.
According to a report by cybersecurity firm Avertium, the vulnerability likely enabled bad actors to trick Chrome into running malware.