There is another zero-day exploit for Chrome, and Google has issued a security update to fix the vulnerability that is being actively exploited.
The company is rolling out the update — 107.0.5304.121 — for Windows, Mac, and Linux over the coming days or weeks.
The vulnerability, tracked as CVE-2022-4135 in the database of security bugs and vulnerabilities, is a heap buffer overflow that allowed a remote attacker to break out of the Chrome sandbox using a specially crafted HTML page.
On its webpage for Chrome releases, Google says it is aware of reports that an exploit for the vulnerability exists in the wild.
Mac users can update the Google Chrome browser automatically by pressing Command-Q to quit the browser, then reopening the app. If the browser hasn't been closed in a while, a button will appear in the app's upper-right corner that says "Update."
Another option is to click on the three-dot "More" icon in the browser's upper-right. Next, select Help, click About Google Chrome and choose Update Google Chrome if it appears.
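To confirm the update landed, the installed build can be compared against 107.0.5304.121 from a terminal. The script below is an added example, not from the article or from Google; it assumes Chrome is installed at /Applications/Google Chrome.app, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: compare a Chrome version with the fixed build from the article.
FIXED_VERSION="107.0.5304.121"

# version_ge A B: return 0 if A >= B, 1 if A < B, 2 if either is malformed.
# Fields are compared as numbers; a string comparison would wrongly rank
# 107.0.5304.99 above 107.0.5304.121.
version_ge() {
    a=$1; b=$2
    [ -n "$a" ] && [ -n "$b" ] || return 2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ -n "$fa" ] || fa=0            # a missing field counts as 0
        [ -n "$fb" ] || fb=0
        case "$fa$fb" in *[!0-9]*) return 2 ;; esac
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 0
}

# chrome_version [APP_PATH]: print the version stored in the app bundle (macOS).
# The default path is an assumption about where Chrome is installed.
chrome_version() {
    app=${1:-"/Applications/Google Chrome.app"}
    defaults read "$app/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null
}

# check_chrome VERSION: print patched, vulnerable, or unknown.
check_chrome() {
    rc=0
    version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "patched" ;;
        1) echo "vulnerable" ;;
        *) echo "unknown" ;;
    esac
}

# Stand-alone use on a Mac: report the state of the installed browser.
if [ "$(uname -s)" = "Darwin" ]; then
    v=$(chrome_version) || v=""
    echo "Chrome ${v:-not found}: $(check_chrome "$v")"
fi
```

The bundle on disk can already be updated while an older process is still running, so the browser still needs to be quit and reopened as described above.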
It's been a rough year for Chrome security. A report from October 5 showed that Chrome was the most vulnerable browser in 2022 with 303 vulnerabilities.
For example, the company patched its seventh zero-day exploit in Chrome at the end of October. It's a popular browser for users, but that also makes it a popular target for attackers.
9 Comments
There is another zero-day exploit for Chrome, and Google has issued a security update to fix the vulnerability that is being actively exploited.
The company is rolling out the update -- 107.0.5304.121 -- for Windows, Mac, and Linux over the coming days or weeks.
Wait. What?
What if I don't have Chrome installed? Am I safe? /s
I don't run Chrome often, but strangely, mine was already updated when I launched the app today.
As for updating, come on AppleInsider... your audience are Mac users... so there's no need to send your readers down the Windows hellhole of finding the "About Google Chrome" menu item... it's at the very top of the application menu (named "Chrome" in this case). ;)
Who runs that spyware on a Mac? :smile:
So are Chromium-based browsers also affected? I don’t run Chrome but have Brave installed for those sites that need Chrome to function.