There is another zero-day exploit for Chrome, and Google has issued a security update to fix the vulnerability that is being actively exploited.
The company is rolling out the update — 107.0.5304.121 — for Windows, Mac, and Linux over the coming days or weeks.
The vulnerability, tracked as CVE-2022-4135 in the database of security bugs and vulnerabilities, is a heap buffer overflow that allowed a remote attacker to break out of the Chrome sandbox using a specially crafted HTML page.
On its webpage for Chrome releases, Google says it is aware of reports that an exploit for the vulnerability exists in the wild.
Mac users can update the Google Chrome browser automatically by pressing Command-Q to quit the browser, then reopening the app. If the browser hasn't been closed in a while, a button will appear in the app's upper-right corner that says "Update."
Another option is to click on the three-dot "More" icon in the browser's upper-right. Next, select Help, click About Google Chrome and choose Update Google Chrome if it appears.
It's been a rough year for Chrome security. A report from October 5 showed that Chrome was the most vulnerable browser in 2022 with 303 vulnerabilities.
For example, the company patched its seventh zero-day exploit in Chrome at the end of October. It's a popular browser for users, but that also makes it a popular target for attackers.