CVE-2022-4135: New Zero-Day Vulnerability in Google Chrome
Google on Thursday shipped emergency patches to address a security vulnerability in its Chrome web browser, which it says is being actively exploited in the wild.
Google described the high-severity flaw, tracked as CVE-2022-4135, as a heap buffer overflow in GPU. Clement Lecigne of Google’s Threat Analysis Group has been credited with reporting the flaw on November 22, 2022.
“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” the company noted in an advisory without delving into technical specifics about how the security vulnerability was used in attacks or the threat actors that may have weaponized it.
Google has released an emergency security update to fix this vulnerability. The fixed versions are Google Chrome 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows.
Chrome users can open the About page in Settings to see the current version number and automatically check for the latest version. Installations made with the online installation package can be updated automatically; installations made with the offline installation package require the user to manually download the new version to upgrade. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
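For administrators checking more than one machine, the version comparison described above can be scripted. The following is an added example, not part of the original article or Google's advisory: it assumes each host's inventory entry is a "<product name> <version>" string, the host names and sample lines are constructed, and it flags non-Chrome Chromium-based browsers for a vendor check because the article gives no fixed version for them.

```python
import re

# Fixed build stated in the article: 107.0.5304.121 (Mac/Linux), .121/.122 (Windows).
FIXED = (107, 0, 5304, 121)

# Assumed input format: "<product name> <a.b.c.d>", optionally followed by other text.
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+\.\d+\.\d+\.\d+)\b")


def parse_version_line(line):
    """Return (product, version tuple), or None if the line has no 4-part version."""
    m = VERSION_RE.match(line.strip())
    if not m:
        return None
    return m.group("product"), tuple(int(p) for p in m.group("ver").split("."))


def classify(line):
    """Classify one inventory line against the fixed Chrome build."""
    parsed = parse_version_line(line)
    if parsed is None:
        return "unparsed"        # e.g. an error message instead of a version
    product, ver = parsed
    if product != "Google Chrome":
        return "check-vendor"    # other browsers use their own build numbers
    # Compare as integer tuples: string comparison would rank ".99" above ".121".
    return "patched" if ver >= FIXED else "needs-update"


def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "mac-01": "Google Chrome 107.0.5304.110",
    "lin-02": "Google Chrome 107.0.5304.121 ",
    "win-03": "Google Chrome 107.0.5304.122",
    "lin-04": "Google Chrome 106.0.5249.119",
    "win-05": "Microsoft Edge 107.0.1418.56",
    "lin-06": "Google Chrome 108.0.5359.71",
    "lin-07": "command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```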