Google has released an update for a high-severity zero-day vulnerability, known as CVE-2022-4135, which impacts its Chrome browser.
The search giant said that an exploit for the vulnerability, detected by the French security researcher Clement Lecigne, exists in the wild, meaning users could be at risk.
Google said it won’t disclose much information about the nature of the vulnerability “until a majority of users are updated with a fix” and that it “will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed”.
So, what do we know?
Google was able to disclose that the vulnerability was an example of what’s called a “heap buffer overflow”, a variety of buffer overflow where a buffer that is vulnerable to overwriting is located in the “heap” portion of the system’s memory.
Disclosing anymore could “tip off” bad actors about the vulnerability before the vast majority of Google Chrome’s users are fully patched.
Users who want to avoid the risk of being impacted are advised to update to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which are both sets that will roll out over the coming days and weeks.
Google’s flagship Chrome browser has certainly racked up a stable number of security vulnerabilities in recent years.
The browser currently boasts around 66 percent market share according to data from StatCounter (opens in new tab), and has had 303 vulnerabilities unearthed between January 1, 2022, to October 5, 2022 according to data from
In contrast, Safari only had 26 vulnerabilities revealed in the same time period, while Microsoft Edge had 103 vulnerabilities,s and Mozilla Firefox came in second place with 117 vulnerabilities.
READ MORE:
This includes a zero-day vulnerability called CVE-2022-3723 uncovered earlier this month, which apparently represented a “Type Confusion flaw” which impacted Chrome’s V8 JavaScript engine.
As per a report from cybersecurity company Avertium, the vulnerability could have potentially enabled bad actors to dupe Chrome into running malignant malware.