Google has been offering a Chrome update for a few days, and we cannot recommend strongly enough that you install it. It fixes a 0-day flaw listed in the NIST database under the reference CVE-2022-4135. This flaw stems from a buffer overflow issue in the GPU component.
The flaw was first reported to Google's teams on November 22, 2022. Thanks to this flaw, hackers could arbitrarily crash programs and execute arbitrary code from specially crafted web pages that involve a compromised rendering process.
Update Google Chrome ASAP
From there, according to the researchers, it becomes possible to escape the sandbox that normally secures the browser and continue with the malicious action. Google says it has been “advised that an exploit around CVE-2022-4135 exists in the wild”. More precise details are being kept secret for the time being, until a majority of users have been able to update their browser.
Google thus avoids publishing a “how to” that would let more hackers understand how to exploit the security flaw and potentially compromise the security of millions of additional users. CVE-2022-4135 is only one of the 8 flaws addressed by this update.
Engine also affected by a buffer overflow issue (CVE-2022-2294). Google also fixes the CVE-2022-2856 flaw in Web Intents, which involves insufficient input validation, as well as the CVE-2022-3075 flaw, which covers a validation problem in Mojo. Finally, the update fixes the CVE-2022-1364 type confusion flaw in the WebRTC component.
It is once again highly recommended to apply this update, which should only take a few minutes, especially on macOS, Linux and Windows 11. If everything went well, the version number after the update should be 108.0.5359.94 (the latest version of Chrome is 108.0.5359.79 on Android and 108.0.5359.52 on iPhone).
Similar patches should also be offered by third-party Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi. To update Chrome, it is generally sufficient to close and then reopen the browser. You can also go to its Settings > About Chrome. If an update is available, an Update button should appear.
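
To confirm the update on more than one machine, the version check described above can be scripted. The following is an added example, not code from Google or from this article's author: it compares collected Chrome version strings against the build numbers quoted in the article, numerically rather than as text. The host names, the inventory layout and the status labels are assumptions made for the illustration.

```python
import re

# Build numbers quoted in the article. "desktop" is the fixed build for
# Windows, macOS and Linux; the Android and iPhone entries are the latest
# versions the article lists. Google Chrome only: other Chromium-based
# browsers use their own version numbers.
EXPECTED = {
    "desktop": (108, 0, 5359, 94),
    "android": (108, 0, 5359, 79),
    "ios": (108, 0, 5359, 52),
}

# Exactly four dot-separated numbers, not part of a longer dotted string.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def is_current(text, platform="desktop"):
    """True if at or above the expected build, False if older, None if unparsed."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per field, so .100 ranks above .94.
    return version >= EXPECTED[platform]

def audit(inventory):
    """Map (host, platform, raw_version) records to (host, status) pairs."""
    results = []
    for host, platform, raw in inventory:
        if platform not in EXPECTED:
            status = "unknown-platform"
        else:
            ok = is_current(raw, platform)
            status = "unparsed" if ok is None else ("current" if ok else "OUTDATED")
        results.append((host, status))
    return results

# Constructed sample inventory (hypothetical hosts and collected strings).
SAMPLE = [
    ("lin-01", "desktop", "Google Chrome 108.0.5359.94 "),
    ("win-07", "desktop", "107.0.5304.121"),
    ("mac-03", "desktop", "Google Chrome 108.0.5359.100"),
    ("and-12", "android", "108.0.5359.79"),
    ("kiosk-2", "desktop", "chrome: not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:8} {status}")
```

Hosts reported as "unparsed" need a manual look, since a missing or unreadable version string says nothing about whether the update was applied.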