Patch Google Chrome Right Away to Address This Critical Security Issue

Google has patched Chrome for a critical zero-day flaw (CVE-2022-4135) that was discovered in the wild. The search engine giant warned that users are in danger because an exploit for the flaw, which was discovered by French security researcher Clement Lecigne, is already in the wild.
Google has stated that it will not disclose many details about the nature of the vulnerability until “a majority of users are updated with a fix,” and that it “will also keep restrictions if the flaw resides in a third-party library that other projects similarly depend on, but have not yet fixed.”
In this case, Google did reveal that the vulnerability is a heap buffer overflow, a specific type of buffer overflow in which the buffer that can be overwritten resides in the “heap” of system memory. Further disclosure could “tip off” malicious actors about the vulnerability before the vast majority of Google Chrome users have installed the fix.
Users who do not wish to be affected by this issue should install the upcoming 107.0.5304.121 update for Mac and Linux, or the 107.0.5304.121/.122 update for Windows, which will become available over the next few days and weeks.
Patch Google Chrome now to fix this emergency security flaw
— Targeted International (@TargetedInt) November 27, 2022
Chrome, Google’s most popular browser, has had a steady stream of security holes discovered in recent years. According to StatCounter, the browser now has a 66.7% market share and had 303 vulnerabilities discovered between January 1, 2022, and October 5, 2022.
According to a report by cybersecurity firm Avertium, the flaw might have been exploited to trick Chrome into downloading and launching malicious spyware.