Recently, Google confirmed and quickly patched the vulnerability, which has been given a name: CVE-2022-4135 and priority: high. This was the eighth 0-day vulnerability this year related to the Chrome browser. The vulnerability was officially made public by the Google team: Google’s Threat Analysis Group. The team also said they were aware that the vulnerability may have been exploited, even though it was not widely known, and they may not have been the first to find it.
Today, network environments, computers, systems, and programs, have increasingly better protection against attacks. It is often difficult for hackers to break through security, so they are becoming less and less willing to share information about 0-day vulnerabilities online. Here, we are talking about the world’s most popular browser. So it shouldn’t be surprising that the exploit was not immediately published (assuming it was not found by the so-called ethical hackers).
The vulnerability itself relates to a ‘buffer overflow’ attack, which – in simple terms – involves writing data outside of the allocated memory. Interestingly, Google did not provide exact information on the technical details of the vulnerability.
As updates have been released to remove the vulnerability, it is worth checking your browser version and verifying that you are protected against this particular attack. It should be noted that this does not only apply to the Google Chrome browser. Microsoft Edge is also vulnerable, as it is built on Chromium code (on which, Chrome is also based) and Microsoft has also released updates to the browser regarding CVE-2022-4135.
Secure browser versions (exact numbers or newer) are:
Google Chrome: 107.0.5304.121
Microsoft Edge: 107.0.1418.62
Source:
Chrome fixes 8th zero-day of 2022 – check your version now (Edge too!)