While you’re shopping online for Black Friday today, do yourself a favor and update Chrome. On Thursday, Google began rolling out a new stable channel update for the Chrome browser on Windows, Mac, and Linux to patch a zero-day exploit that exists in the wild. If you haven’t already, check and make sure your browser is updated to at least version 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows.
Google’s Prudhvikumar Bommana says on the Chrome Releases blog that CVE-2022-4135 is a high-severity flaw concerning heap buffer overflow in GPU.
According to BleepingComputer, heap buffer overflow “is a memory vulnerability resulting in data being written to forbidden (usually adjacent) locations without check.” Hackers can use this vulnerability to overwrite an app’s memory to manipulate its execution path. After that, they can then access restricted information and execute arbitrary code.
As usual, we don’t actually know how hackers are exploiting this security flaw.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google explains. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
This is the eighth Chrome zero-day exploit that Google has patched in 2022. The one before this surfaced on November 1 and involved a type confusion weakness.
How to update your Chrome browser
Chrome doesn’t always apply the latest updates when you open the browser, so if you want to check and see which version you are running, go to Settings and then About Chrome at the bottom of the menu bar on the left side of the screen.
If you are already running the latest version of the browser, then you are good to go. If not, you should begin the process of updating as soon as possible. Once it finishes downloading, click the Relaunch button to finish updating.
More Google coverage: For more Pixel news, visit our Pixel 7 guide.