Google Patches Actively Exploited Chrome Zero-Day CVE-2022-4135 Vulnerability

A Chrome 107 update released by Google on Thursday patches an actively exploited Chrome vulnerability. Tracked as CVE-2022-4135 and considered “high severity,” the exploited security flaw is described as a heap buffer overflow in GPU.

Attacks targeting heap buffer overflow bugs in Chrome’s GPU may lead to arbitrary code execution. All Chromium-based browsers are impacted.

Clement Lecigne of Google’s Threat Analysis Group has been credited for the zero-day vulnerability. No information has been made available regarding the attacks in which these vulnerabilities have been exploited.

“Google is aware that an exploit for CVE-2022-4135 exists in the wild,” the company noted. Google doesn’t provide many details about the vulnerability for security reasons.

The latest Chrome iteration is now rolling out to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which will roll out over the coming days/weeks.

Google Chrome version 107.0.5304.121/.122 fixes the eighth zero-day vulnerability fixed since the start of the year.

The previous seventh are:

• CVE-2022-3723 – October 27th
• CVE-2022-3075 – September 2nd
• CVE-2022-2856 – August 17th
• CVE-2022-2294 – July 4th
• CVE-2022-1364 – April 14th
• CVE-2022-1096 – March 25th
• CVE-2022-0609 – February 14th

Users are strongly advised to update their Chrome web browsers as soon as possible by going into Chrome menu > Help > About Google Chrome to block exploitation attempts.