Google rolls out patch for high-severity Chrome browser zero day

It's the eighth time this year Google has been forced to address a zero-day vulnerability in its world-leading browser

Google has patched a zero-day vulnerability in its Chrome browser, the eighth of its kind this year. 

The vulnerability was caused by a “heap buffer overflow in GPU”, Google said. Such vulnerabilities can allow attackers to modify the data stored in the application’s heap, potentially altering what data the Chrome browser outputs.

The exploitation of buffer overflow flaws could also lead to general data corruption within the application, or the manipulation of the Chrome browser’s internal structures.

It has been assigned a severity rating of ‘high’ although a specific CVSSv3 score has not yet been released. 

‘High’ severity ratings typically indicate a score in the range of 7.0-8.9 - the second-highest severity classification on the widely used metric.

Google assigned the vulnerability a CVE identifier (CVE-2022-4135) for vulnerability tracking and management, and released the new stable channel version of Google Chrome on Thursday across Windows, macOS, and Linux.

Google said it will be keeping more detailed information on the vulnerability under wraps until more users have had time to install the update.

It will also refrain from releasing further details if, for example, the Google Chrome team finds the issue to be present in a third-party library on which other applications depend, at least until that library also releases a fix.

The vulnerability was discovered by Clement Lecigne, security engineer at Google’s Threat Analysis Group - its security team primarily devoted to countering government-backed hacking efforts - and Google made no indication that the vulnerability has been actively exploited in the wild.

CVE-2022-4135 marks the eighth zero-day vulnerability found in Google Chrome since the start of 2022 and the second zero-day caused by a heap buffer overflow.

Three of the eight zero-days affecting the world’s most popular browser have been caused by errors in Google’s proprietary and open-sourced JavaScript V8 engine. 

Since other major browsers, such as Microsoft Edge, Opera, Vivaldi, and others, also run on Chromium, these were also vulnerable because they too relied on Google’s V8 engine.

The full list of Google Chrome zero-day vulnerabilities found in 2022 can be found below:
