Google rolls out patch for high-severity Chrome browser zero day
It's the eighth time this year Google has been forced to address a zero-day vulnerability in its world-leading browser
Google has patched a zero-day vulnerability in its Chrome browser, the eighth of its kind this year.
The vulnerability was caused by a “heap buffer overflow in GPU”, Google said. Such vulnerabilities can allow attackers to modify the data stored in the application’s heap, potentially altering what data the Chrome Browser outputs.
Solve cyber resilience challenges with storage solutions
Fundamental capabilities of cyber-resilient IT infrastructureFree Download
The exploitation of buffer overflow flaws could also lead to general data corruption within the application, or the manipulation of the Chrome browser’s internal structures.
It has been assigned a severity rating of ‘high’ although a specific CVSSv3 score has not yet been released.
‘High’ severity ratings typically indicate a score in the range of 7.0-8.9 - the second-highest severity classification on the widely used metric.
Google assigned the vulnerability with a CVE for vulnerability tracking and management (CVE-2022-4135) and released the new stable channel version of Google Chrome on Thursday across Windows, macOS, and Linux.
Google said it will be keeping more detailed information on the vulnerability under wraps until more users have had time to install the update.
It will also refrain from releasing further details if the Google Chrome team find the issue to be present in a third-party library on which other applications depend, for example, at least until that library also releases a fix.
The vulnerability was discovered by Clement Lecigne, security engineer at Google’s Threat Analysis Group - its security team primarily devoted to countering government-backed hacking efforts - and Google made no indication that the vulnerability has been actively exploited in the wild.
The full list of Google Chrome zero-day vulnerabilities found in 2022 can be found below:
2022 State of the multi-cloud report
What are the biggest multi-cloud motivations for decision-makers, and what are the leading challengesFree Download
The Total Economic Impact™ of IBM robotic process automation
Cost savings and business benefits enabled by robotic process automationFree Download
Multi-cloud data integration for data leaders
A holistic data-fabric approach to multi-cloud integrationFree Download
MLOps and trustworthy AI for data leaders
A data fabric approach to MLOps and trustworthy AIFree Download