Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in the GPU, discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022. “Google is aware that an exploit for CVE-2022-4135 exists in the wild,” reads the update notice. As users need time to apply the security update on their Chrome installations, Google has withheld details about the vulnerability to prevent expanding its malicious exploitation. In general, a heap buffer overflow is a memory vulnerability resulting in data being written to forbidden (usually adjacent) locations in memory. Attackers may use heap buffer overflow exploits to overwrite an application’s memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.