Security News > 2022 > November > Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.
Clement Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on November 22, 2022.
Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.
"Google is aware that an exploit for CVE-2022-4135 exists in the wild," the tech giant acknowledged in an advisory.
Like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.
With the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year -.
News URL
https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html
Related news
- Chrome to patch decades-old flaw that let sites peek at your history (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Chrome 136 fixes 20-year browser history privacy risk (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Google Chrome to block admin-level browser launches for better security (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-25 | CVE-2022-4135 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |