Date: 2022-11-28

In a perfect world, software would be released bug-free and secure from day one. In reality, we're always playing catch-up, and probably the best case we can hope for would be security issues being discovered by software makers during their own audits, or by security researchers who then share their findings with the developers. Unfortunately, sometimes these are discovered by malicious actors and exploited before devs are even aware — leading to what we usually call "zero-day" vulnerabilities. Google's Chrome browser, in particular, is often the target of malicious actors, being one of the highest-profile and best browsers out there. Google is now sharing the details of its work in patching a zero-day vulnerability affecting Chrome — for what's the eighth time it's had to do so already this year.

The issue we're talking about is CVE-2022-4135, and while full details haven't been made available, we know it's a heap buffer overflow in the GPU (via Bleeping Computer). Buffer overflows in general give access to memory regions that software shouldn't normally be able to reach, potentially opening the door for taking control of your machine. In other words, it's pretty bad — and with this one being a zero-day, Google notes that there's already a malicious exploit for this vulnerability floating around out there in the wild.

In response, Google released an emergency update for Chrome 107 with the sole purpose of fixing this issue. Mac and PC users should check that they're up to date by looking for version number 107.0.5304.121. If you already have this release, you're already safe; this new version doesn't change anything except for this specific fix.

As we mentioned, Google Chrome has already fixed a total of eight zero-day vulnerabilities in 2022, with the first one dating back to Valentine's Day in February, and the last one before this arriving late last month. It all goes to show the importance of keeping your browser, and the software in your PC, updated — these are vulnerabilities that were actively exploited by malicious actors before they were patched. If you're a Chrome user, make sure your browser is fully updated.