Google has confirmed the eighth zero-day exploit impacting the Chrome browser on Windows, Mac, Linux, and Android platforms. An emergency fix addressing this single issue is being rolled out now, but you can force-update your browser immediately.
Other browser clients using the Chromium engine should also expect to see updates soon.
Google confirms Chrome zero-day number 8 for 2022
It used to be very rare for a Google Chrome update to address a single security issue; such updates were reserved for occasions when a vulnerability was known to be exploited by attackers in the wild before a fix was available. In 2022 there have now been updates covering a total of eight such zero-days.
The latest, a high-severity heap buffer overflow issue in the Chromium GPU component, is CVE-2022-4135. The zero-day, reported by Clement Lecigne of Google’s own Threat Analysis Group, could enable an attacker who had already compromised the renderer process to escape the security sandbox using a malicious HTML page, according to the National Institute of Standards and Technology (NIST) National Vulnerability Database entry.
Google itself has released no further information regarding the zero-day. This is not uncommon with such a vulnerability: withholding details gives a majority of users time to install the update and gain protection before other attackers try their hand.
All Google has said is that it is “aware that an exploit