September 27, 2023

Google has just patched an eighth zero-day vulnerability in its Chrome browser.

The vulnerability was caused by a heap buffer overflow in GPU, which allows attackers to modify data stored in the application’s heap and alter its output.

It has been assigned a severity rating of ‘high’, although a specific CVSSv3 score has not yet been released.

The vulnerability is tracked as CVE-2022-4135, and Google released the new stable channel version of Google Chrome on Thursday across Windows, macOS, and Linux.

Google said it will be keeping more detailed information on the vulnerability under wraps until more users have had time to install the update.

CVE-2022-4135 marks the eighth zero-day vulnerability found in Google Chrome since the start of 2022 and the second zero-day caused by a heap buffer overflow.

Other major browsers that run on Chromium, such as Microsoft Edge, Opera, Vivaldi, and others, were also vulnerable because they too relied on Google’s V8 engine.

The full list of Google Chrome zero-day vulnerabilities found in 2022 is below:

  • CVE-2022-3723
  • CVE-2022-3075
  • CVE-2022-2856
  • CVE-2022-2294
  • CVE-2022-1364
  • CVE-2022-1096
  • CVE-2022-0609
