

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.

Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.

Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.

“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” the tech giant acknowledged in an advisory.

But like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.

With the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year –

Users are recommended to upgrade to version 107.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
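
An added example (not from the article or from Google): a small fleet check that classifies Chrome installs against the fixed build quoted above. It assumes version strings collected from `--version` output or an inventory tool; the host names and sample versions are constructed.

```python
import re

# Fixed builds named in the article; Windows shipped as .121/.122, so .121 is the floor.
FIXED = {
    "macos": (107, 0, 5304, 121),
    "linux": (107, 0, 5304, 121),
    "windows": (107, 0, 5304, 121),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the four-part Chrome version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def status(os_name, version_text):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(os_name.lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return "unknown"  # unparseable data is surfaced for follow-up, not assumed safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "107.0.5304.99" above "107.0.5304.121".
    return "patched" if found >= fixed else "vulnerable"

def audit(rows):
    """Map each host to its status; rows are (host, os, version_text)."""
    return {host: status(os_name, text) for host, os_name, text in rows}

# Constructed inventory for illustration (hypothetical host names and versions).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 107.0.5304.122"),
    ("ws-02", "windows", "Google Chrome 107.0.5304.107"),
    ("mac-01", "macos", "Google Chrome 107.0.5304.121"),
    ("lin-01", "linux", "Google Chrome 107.0.5304.99"),
    ("lin-02", "linux", "Google Chrome 108.0.5359.71"),
    ("lin-03", "linux", "version lookup failed"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

Chromium-based browsers are left out because the article gives no fixed version numbers for them.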