Google released emergency safety update for the desktop version of the browser Chrome, Eliminating the 8th zero-day vulnerability used in attacks this year.
Vulnerability with a high degree of danger CVE-2022-4135 is an overflow of buffer in a heap in a graphic processor. The disadvantage was discovered by Lesine Clement from the group of threat analysis Google Threat Analysis Group on November 22, 2022.
In her notice, Google wrote that she knows about the existence of exploit for the CVE-2022-4135. Since users need time to apply the update, Google hid the details of vulnerability to prevent its malicious use.
The vulnerability of overflowing the buffer in the heap leads to the fact that the data is recorded in prohibited places without verification. Cybercriminals can use the overflow of the buffer of the heap to rewrite the application of the application, which leads to free access to information or execution of arbitrary code.
Chrome users are recommended to be updated to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which eliminates CVE-2022-4135.
In October, Google Chrome 107 received an emergency update from Google with the correction of the seventh 0-day vulnerability to the identifier CVE-2022-3723, which is actively used in the wild. The gap in protection is associated with the confusion of types in the JavaScript Chromium V8 engine. And on October 25, researchers from Avast reported about her.