Google has published a security advisory for a new, high-severity heap buffer overflow in the GPU component of the Chrome browser, tracked as CVE-2022-4135. Because this is a heap buffer overflow, it can allow remote attackers to cause serious issues such as crashing the program, executing arbitrary code, bypassing security restrictions, and full system compromise. All Chrome users need to fix this vulnerability before they face any damage. We created this post to show you how to fix CVE-2022-4135, a high-severity heap buffer overflow in the GPU component of the Chrome browser.
According to Clement Lecigne, the discloser of the flaw, this is a heap buffer overflow in the GPU component of the Chrome browser that allows remote attackers who have compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The flaw is rated high in severity, in line with the capabilities of buffer overflow flaws. However, the base score and CVSS vector are yet to be published.
As of now, we don't have more details about CVE-2022-4135, as Google has restricted the technical details for security reasons. Google also says that it is aware that an exploit exists in the wild. It is expected to reveal the root cause of the vulnerability and its implications in the coming weeks, when the majority of users are updated with a fix. At this time, we can only share how to fix CVE-2022-4135, the high-severity heap buffer overflow in the GPU component of the Chrome browser.
Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.
– Google
Google has responded to this flaw by releasing an updated version of the Google Chrome Browser. Google recommends Chrome users update their vulnerable versions to the fixed Chrome version to avoid any consequences.
The updated version released by Google is Chrome 107.0.5304.121/.122. Chrome users are advised to install the security update immediately on whatever OS they use, including Windows, Mac, and Linux. Mac and Linux users are required to update to version 107.0.5304.121, and Windows users are required to update to 107.0.5304.121/.122.
More technical details about the attacks that can occur by exploiting this vulnerability are to be released by Google in the coming weeks. Until then, users must install the Chrome update to prevent threat actors from exploiting the flaw.
Chrome normally applies updates in the background when you close and then reopen your browser. However, if you haven’t done this in a while, a pending update may be indicated by a colored icon.
Different colors show how long it’s been since the update was released. The green color means an update was released less than two days ago. The orange color shows the release of the update almost four days ago, and the red color means it has been at least a week. Follow the steps to update your Chrome browser to its latest version.
Upgrading your Chrome browser is easy, and it only takes a few moments. Follow these steps to complete the upgrade:
Open your Chrome browser and click on the three vertical dots in the top right of the window.
Click on ‘Help’, then select ‘About Google Chrome’ from the drop-down menu. A new page will open with details about your current version of Chrome, including whether or not an update is available.
If an update is available, you’ll see a button that says ‘Update Google Chrome’. Click this button to start downloading and installing the latest version of Google Chrome onto your computer.
Once the upgrade process is complete, you’ll see a message telling you that your Chrome browser has been successfully updated. Click ‘Relaunch’ to finish the update and open Chrome with all of the new features included in the latest version.
You can also enable automatic updates for Google Chrome so that future upgrades will be installed without any effort on your part. To do this, go to ‘Settings’ and then click on ‘Advanced Settings’. Under the ‘Privacy & Security’ tab, select ‘Automatic Updates’ and make sure it is checked off.
Now that you know how to upgrade your Chrome browser, you can enjoy all of the latest features of the world’s most popular web browser. Keeping your Chrome up to date is essential for staying secure and making sure you have access to all the newest tools, apps, and extensions.
Your browser will be updated to the latest version, which has fixed the issue. If you have deployed the offline installation package, you can manually download the updated version to upgrade your browser. We hope this post helped you learn how to fix CVE-2022-3075- A New 0-day in Google Chrome Browser.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.