Google has published a security advisory against a new, high-severity heap buffer overflow in the GPU component of the Chrome browser. The vulnerability, tracked as CVE-2022-4135, is a high-severity vulnerability that persists in the GPU component of the Chrome browser. Since this is a heap buffer overflow vulnerability, this allows remote attackers to create serious issues such as crashing the program, executing arbitrary code, bypassing security restrictions, and full system compromise. All Chrome users need to fix this vulnerability before they face any damage. We created this post to let you know how to Fix CVE-2022-4135- high severity heap buffer overflow in the GPU component of Chrome browser.
Summary of CVE-2022-4135
According to Clement Lecigne, the discloser of the flaw, this is a heap buffer overflow in the GPU component of Chrome browser that allows remote attackers who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The flaw is determined as high in severity, keeping the capabilities of buffer overflow flaws. However, the base score and CVE vector is yet to be published.
As of now, we don’t have more details about the CVE-2022-4135 as Google restricted the technical details due to security reasons. And Google also says that it is aware of the existence of exploit in the wild. It would reveal the root cause of the vulnerability and its implications in the coming weeks when the majority of users are updated with a fix. At this time, we can only share how to Fix CVE-2022-4135- high severity heap buffer overflow in the GPU component of Chrome browser.
Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed.– Google
How to Fix CVE-2022-4135- A Heap Buffer Overflow in the GPU Component of Chrome?
Google has responded to this flaw by releasing an updated version of the Google Chrome Browser. Google recommends Chrome users update their vulnerable versions to the fixed Chrome version to avoid any consequences.
The updated version released by Google is Chrome 107.0.5304.121/.122. Chrome users are advised to install the security update immediately on whatever OS they use, including Windows, Mac, and Linux. Mac and Linux users are required to update version 107.0.5304.121, and Windows users are required to update 107.0.5304.121/122.
More technical details about the attacks that can occur by exploiting this vulnerability are to be released by Google in the coming weeks. Until then, users must install the Chrome update to prevent threat actors from exploiting the flaw.
How to Upgrade Chrome Browser?
Chrome browser normally runs updates in the background when you close and then reopen your browser. However, if you haven’t done this in a while, a pending update might be available in a colored icon.
Different colors show how long it’s been since the update was released. The green color means an update was released less than two days ago. The orange color shows the release of the update almost four days ago, and the red color means it has been at least a week. Follow the steps to update your Chrome browser to its latest version.
Upgrading your Chrome browser is easy, and it only takes a few moments. Follow these steps to complete the upgrade:
- Open your Chrome browser and click on the three vertical dots in the top right of the window.
- Click on ‘Help’, then select ‘About Google Chrome’ from the drop-down menu. A new page will open with details about your current version of Chrome, including whether or not an update is available.
- If an update is available, you’ll see a button that says ‘Update Google Chrome’. Click this button to start downloading and installing the latest version of Google Chrome onto your computer.
- Once the upgrade process is complete, you’ll see a message telling you that your Chrome browser has been successfully updated. Click ‘Relaunch’ to finish the update and open Chrome with all of the new features included in the latest version.
You can also enable automatic updates for Google Chrome so that future upgrades will be installed without any effort on your part. To do this, go to ‘Settings’ and then click on ‘Advanced Settings’. Under the ‘Privacy & Security’ tab, select ‘Automatic Updates’ and make sure it is checked off.
Now that you know how to upgrade your Chrome browser, you can enjoy all of the latest features of the world’s most popular web browser. Keeping your Chrome up to date is essential for staying secure and making sure you have access to all the newest tools, apps, and extensions.
Your browser will be updated to the latest version, which has fixed the issue. If you have deployed the offline installation package, you can manually download the updated version to upgrade your browser. We hope this post helped you how to fix CVE-2022-3075- A New 0-day in Google Chrome Browser.