On an emergency basis, Google released an update to the desktop version of Chrome on Thursday (24). Its goal is to address a zero-day security flaw widely exploited in 2022. In this way, users can already guarantee the update in their browsers. Meanwhile, the search brand preferred not to disclose further details about the vulnerability, as it wants to prevent the spread of the exploit.
The American company considers this failure a matter of enormous gravity. She is tracked as CVE-2022-4135 and is a GPU heap overflow, which occurs when a chunk of memory is allocated to the heap and data is written to it without any checks being performed.
The person who made the discovery was Clement Lecigne, a professional from Google’s Threat Analysis group.
At blog post on the 24th, the company stated that there are already ways to exploit this gap🇧🇷 Therefore, she released the following note:
O Google is aware that there is an exploit for CVE-2022-4135 out there.
Access to bug details and links may be kept restricted until the majority of users are updated with a fix. We’ll also keep the restrictions in place if the bug exists in a third-party library that other projects similarly depend on but haven’t fixed yet.
The main suggestion in this case is for people to update Chrome to version 107.0.5304.121/122 on Windows or version 107.0.5304.122 on Mac and Linux.
A zero-day security flaw is a newly discovered type of breach. That is, because it is very recent, it presents huge threats and requires great attention from developers and other professionals.
How to Update Google Chrome
- Open the settings;
- Select “About Google Chrome”;
- When you open the option, the application will automatically start updating;
- Finally, once the update is complete, click on the “Restart” option to finish the installation.
Security flaw is nothing new in Chrome
Like any application, the search giant’s browser is a constant target for cybercriminals. This means that whenever a security hole is discovered, the Google team needs to act quickly to prevent hackers from taking advantage of it.
Even so, the CVE-2022-4135 call is not the first imperfection that has cropped up to give developers a headache.
Already in 2021, three day-one failures appeared in different months. They all had openings that were being actively exploited by hackers. As a result, more urgent updates were developed by the American company.
Keeping your apps up to date turns out to be the main way to protect yourself from situations like this. It’s important to be sure to secure the latest version as soon as possible.
With information: Bleeping Computer🇧🇷