Google has released Chrome Version 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows to fix a zero-day vulnerability (CVE-2022-4135).

According to the official site for Chrome updates, “Google is aware of reports that an exploit for CVE-2022-4135 exists in the wild.”

______________________________

A. Nature of the Vulnerability

CVE-2022-4135

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

______________________________

B. Actions to be Taken

CERT-PH encourages all Google Chrome users and administrators to review and apply the updates to mitigate future threats.

  • To manually check for an update, do the following:
    1. Go to Chrome Settings > Help > About Google Chrome
  • Regularly check for and apply the latest software patches, especially on public-facing applications.
  • Proactively monitor identified systems and devices for suspicious or malicious activity, and keep them secured.
  • For additional information, kindly refer to the official advisory:
    • <https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html>
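For administrators who need to check many machines rather than one browser at a time, the following added example (not part of the CERT-PH or Google advisory) compares reported Chrome version strings against the fixed build named above. The `host,os,version` inventory format and the sample hostnames and versions are constructed for illustration.

```python
import re

# Fixed build stated in the advisory for CVE-2022-4135. Windows shipped as
# .121/.122, so .121 is the minimum on every platform.
FIXED_BUILD = (107, 0, 5304, 121)
KNOWN_OS = {"windows", "mac", "linux"}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(os_name, version_text):
    """Classify one machine as 'patched', 'needs_update' or 'unknown'."""
    version = parse_version(version_text)
    if os_name.strip().lower() not in KNOWN_OS or version is None:
        return "unknown"  # an unreadable entry is never reported as patched
    # Tuples compare numerically per component, so build 99 sorts below 121
    # (a plain string comparison would get that wrong).
    return "patched" if version >= FIXED_BUILD else "needs_update"


def triage(inventory_lines):
    """Map hostname -> status for 'host,os,version text' lines."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, os_name, version_text = (line.split(",", 2) + ["", ""])[:3]
        results[host.strip()] = assess(os_name, version_text)
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-01,Windows,107.0.5304.122",
    "ws-02,Windows,107.0.5304.107",
    "mac-01,Mac,Google Chrome 107.0.5304.121",
    "lin-01,Linux,Google Chrome 107.0.5304.99",
    "lin-02,Linux,Google Chrome 108.0.0.0",
    "kiosk-01,Linux,version not reported",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Entries reported as `unknown` should be checked by hand through Chrome Settings > Help > About Google Chrome.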