Google has released a new emergency update for the desktop version of the Google Chrome web browser to address the eighth zero-day issue exploited in an attack this year.
According to Forbes, the issue affected Chrome for Windows, Mac, Linux, and Android devices, which is why the update was immediately rolled out to protect users’ browsers.
Google Confirms The Update To Address The Single Security Issue
While it is relatively rare for Google to release a Chrome update for a single security issue, the zero-day patch was launched before the holidays under the threat of exploitation by hackers.
The zero-day security update will not only be available to Google Chrome users; other browsers built on Chromium will also see the update soon.
Bleeping Computer reports that the high-severity flaw that threatens Google Chrome users is tracked as CVE-2022-4135, a heap buffer overflow issue in the GPU component of Chromium.
The zero-day, reported initially by Clement Lecigne of Google’s Threat Analysis Group, enables hackers to escape the security sandbox through a malicious HTML page.
According to the entry in the National Vulnerability Database of the National Institute of Standards and Technology, the hackers can then compromise the renderer process in Chrome.
Google has not released further information regarding the patch, but users will reportedly be able to install the update easily for protection.
Forbes said that the security updates have started coming to Google Chrome users, and will continue to do so in the following days.
However, users are advised to force the update, since hackers have been exploiting the patch code already.
This is especially necessary for users who keep large numbers of tabs open and rarely restart the browser, since the update will only be applied once Chrome is restarted.
Taking the time to apply the security patch on Chrome will keep the vulnerability from being used for malicious activities and exploitation.
Google Urges Chrome Users To Apply The Emergency Update
A heap buffer overflow is a memory issue in which data is written past the end of a heap-allocated buffer into adjacent memory locations, without the write being checked against the buffer's bounds.
Through this, attackers can overwrite an app’s memory to change execution paths, gaining unrestricted access to information or executing arbitrary code.
With this, Google recommends that Chrome users upgrade their browsers to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux.
According to Google, in addressing CVE-2022-4135, restrictions will be retained on bug details and links, and on bugs in third-party libraries that others depend on.
Bleeping Computer writes that users are advised to upgrade to this version of Chrome, which they can do by heading to Settings and selecting the About Chrome option.
After this, users can just wait for the download of the latest version of Google Chrome to finish before restarting the program to have the security update in place.
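For administrators who need to confirm the update across many machines rather than one browser at a time, the following is an added example (not from Google, Forbes or Bleeping Computer) that compares collected Chrome version strings against the fixed builds named above. The host names and inventory lines are constructed, and it assumes that the lower of the two Windows builds (107.0.5304.121) already contains the fix.

```python
import re

# Fixed builds named in the article. Assumption: for Windows, the lower of
# the two listed builds (121/122) is already patched.
FIXED = {
    "windows": (107, 0, 5304, 121),
    "mac": (107, 0, 5304, 122),
    "linux": (107, 0, 5304, 122),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of text such as
    'Google Chrome 107.0.5304.110'; return None when none is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Map each host to 'patched', 'needs update' or 'unknown'."""
    report = {}
    for host, platform, version_text in inventory:
        fixed = FIXED.get(platform.lower())
        version = parse_version(version_text)
        if fixed is None or version is None:
            report[host] = "unknown"  # no usable data: follow up by hand
        elif version >= fixed:  # tuple comparison is numeric, not lexical
            report[host] = "patched"
        else:
            report[host] = "needs update"
    return report


# Constructed sample inventory: (host, platform, reported version string)
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 107.0.5304.121"),
    ("ws-02", "windows", "Google Chrome 107.0.5304.99"),
    ("mb-01", "mac", "Google Chrome 107.0.5304.121"),
    ("lx-01", "linux", "Google Chrome 108.0.5359.71"),
    ("lx-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A host should only be counted as patched once Chrome has been restarted there, since the update is applied at restart.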
This zero-day patch is the eighth such update for Google Chrome this year since February, a result of hackers’ high interest in the world’s most widely used browser.