Google has fixed a zero-day vulnerability in Chrome for the eighth time this year

In a perfect world, software would be released bug-free and secure from day one. In reality, we’re always playing catch-up, and probably the best case we can hope for would be security issues being discovered by software makers during their own audits, or by security researchers who then share their findings with the developers. Unfortunately, sometimes these are discovered by malicious actors and exploited before devs are even aware — leading to what we usually call “zero-day” vulnerabilities.

Google’s Chrome browser, in particular, is often the target of malicious actors, being one of the highest-profile and best browsers out there. Google is now sharing the details of its work in patching a zero-day vulnerability affecting Chrome — for what’s the eighth time it’s had to do so already this year.

The issue we’re talking about is CVE-2022-4135, and while full details haven’t been made available, we know it’s a heap buffer overflow in the GPU (via Bleeping Computer). Buffer overflows in general give software access to memory regions it shouldn’t normally have, potentially opening the door for taking control of your machine. In other words, it’s pretty bad, and with this one being a zero-day, Google notes that there’s already a malicious exploit for this vulnerability floating around out there in the wild.


In response, Google released an emergency update for Chrome 107 with the sole purpose of fixing this issue. Mac and PC users should check that they’re up to date by looking for version number 107.0.5304.121. If you already have this release, you’re already safe; this new version doesn’t change anything except for this specific fix.

As we mentioned, Google has already fixed a total of eight zero-day vulnerabilities in Chrome in 2022, with the first one dating back to Valentine’s Day in February, and the last one before this arriving late last month. It all goes to show the importance of keeping your browser, and the software on your PC, updated — these are vulnerabilities that were actively exploited by malicious actors before they were patched. If you’re a Chrome user, check that your browser is fully updated.
