Security experts urge Chrome users to fix new zero-day exploit immediately

What just happened? Google has released an emergency security update to fix a recently discovered vulnerability in the Chrome web browser. The buffer overflow exploit was discovered by Clement Lecigne, a member of the Google Threat Analysis Group (TAG). Google acknowledged the problem and said it will not reveal details about the vulnerability until the patch is widely distributed.

The new vulnerability, tracked as CVE-2022-4135, is a heap buffer overflow in the GPU component that could allow attackers to gain unauthorized access to information, cause application instability, or potentially execute arbitrary code on the target machine.

Google acknowledged the vulnerability in a recent stable channel update that was rolled out to prevent further exploitation. Google engineers have updated the stable channel to 107.0.5304.121 for Mac and Linux systems, and to 107.0.5304.121/.122 for Windows-based systems. A list of all related updates and release notes can be found in the Chromium release logs.

The discovery marks the software giant’s eighth zero-day vulnerability in 2022. Previously patched vulnerabilities included:

A heap overflow can give attackers an opportunity to overwrite function pointers in an application, pointing them instead to arbitrarily deployed malicious code. The condition is the result of a write past the end of a buffer in the heap region of system memory.

Google’s decision not to release details of the exploit is standard practice to minimize exploitation and the impact of the vulnerability. Slowing the spread of the vulnerability's details gives users more time to patch and update their browsers before the vulnerability can be exploited. It also gives developers of widely used third-party libraries the opportunity to patch the vulnerability, further limiting exploitability.

“Access to bug information and links may be restricted until the majority of users receive a fix. We will also keep the restrictions if the bug exists in a third party library that other projects similarly depend on but have not yet been fixed.” – Prudhvikumar Bommana

Chrome users are advised to update their browsers as soon as possible and monitor any other Chromium-based browsers for similar updates once they are released.
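
To act on that advice across many machines, an inventory of installed browser versions can be compared against the fixed builds quoted above. The following is an added example, not code from Google or the original article; the `host,os,browser,version` inventory format, the hostnames and the sample versions are constructed for illustration.

```python
import re

# Fixed Chrome stable builds quoted in the article for CVE-2022-4135.
FIXED = {"mac": (107, 0, 5304, 121),
         "linux": (107, 0, 5304, 121),
         "windows": (107, 0, 5304, 121)}  # Windows shipped as .121/.122

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(os_name, browser, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    if browser.strip().lower() not in ("chrome", "google chrome"):
        return "unknown"  # other Chromium browsers: fixed build not in the article
    fixed = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically field by field, so 107.0.5304.99 < 107.0.5304.121.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory_csv):
    """Map host -> status for lines of 'host,os,browser,version'."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        parts = [p.strip() for p in line.split(",", 3)]
        if len(parts) != 4:
            continue  # skip malformed records rather than guessing
        host, os_name, browser, version_text = parts
        results[host] = classify(os_name, browser, version_text)
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
ws-01,Windows,Chrome,107.0.5304.122
ws-02,Windows,Chrome,107.0.5304.107 (Official Build)
mac-01,Mac,Chrome,107.0.5304.121
lin-01,Linux,Chrome,106.0.5249.119
lin-02,Linux,Chrome,108.0.5359.71
ws-03,Windows,Edge,107.0.1418.56
lin-03,Linux,Chrome,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check: either the version string could not be parsed, or the browser is a Chromium derivative whose fixed build is not stated here.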
