As reported by Bleeping Computer (opens in new tab), this high-severity flaw (tracked as CVE-2022-4135 (opens in new tab)) was discovered by the search giant’s own Threat Analysis Group on November 22. To make matters worse, Google has highlighted the fact that it’s currently being exploited in the wild in a blog post (opens in new tab) from the Chrome team. This latest zero-day vulnerability is a heap buffer overflow in GPU according to Google security engineer Clément Lecigne who is credited with discovering it. Heap buffer overflow is a memory vulnerability that can be exploited by an attacker to overwrite a program’s memory. This could give them unrestricted access to other data stored on your computer or even allow them to execute arbitrary code.
Eight zero-day flaws patched this year
The Chrome team at Google has been quite busy patching zero-day vulnerabilities and so far this year, security updates have been rolled out to fix eight of them. Unlike ordinary vulnerabilities, zero-day vulnerabilities pose a higher risk to users as cybercriminals often try to exploit them in their attacks. Zero-days are discovered by an attacker or security researcher before a company has a chance to patch them. Since there isn’t currently a fix available, attacks that exploit a zero-day vulnerability are more likely to succeed. While the fact that Google has patched eight zero-day vulnerabilities in Chrome in 2022 alone may seem alarming, it actually shows that the company is serious about ensuring its software is secure. It would be much worse if Chrome wasn’t receiving regular security updates as the search giant’s browser would be more vulnerable to attacks.
How to update Google Chrome
Keeping Chrome updated is actually quite easy and Google now even uses color-coded icons to let you know your browser is out of update. If the update icon at the top right of your browser is green, an update was released less than two days ago while Orange indicates an update was released around four days ago and red means an update was released at least a week ago. You can also manually update your browser by clicking on the three dot menu on the right of Chrome. From here, scroll down to “Help” and click on “About Google Chrome”. On this menu you will either see a button that says “Update Google Chrome” or your browser may start downloading the latest update automatically. Either way, you will need to relaunch Chrome to apply the latest version of Google’s browser. Keeping Chrome updated is very important especially if you use Google Password Manager to save and store your passwords. Cybercriminals often like to steal cookies and other data stored in your browser which is why you might want to consider using one of the best password managers instead.