Security News > 2022 > November > Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.
Clement Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on November 22, 2022.
Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.
"Google is aware that an exploit for CVE-2022-4135 exists in the wild," the tech giant acknowledged in an advisory.
Like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and to prevent further abuse.
With the latest update, Google has resolved eight zero-day vulnerabilities in Chrome since the start of the year -.
News URL
https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-25 | CVE-2022-4135 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |