The bug in question has been registered as CVE-2022-4135, and it is a bug of the Buffer Overflow type in the GPU. This vulnerability has been discovered by one of the Google analysts after analyzing some logs collected by the browser. As the company claims, this vulnerability was already known by various groups of hackers, and they have been using it to take control of system memory and alter the operation of other processes running on the PC. It can also be used for remote code execution with permissions in system memory.
At the moment, for security reasons, Google has not revealed more technical information about the vulnerability, although it will do so as soon as most Chrome users update the browser. The company ensures that this vulnerability is also present in other similar projects (that is, other Chromium-based browsers), so it will be aware of its evolution before revealing information about this security flaw.
How to stay safe with ChromeIf we want to prevent our PC from being in danger, what we have to do is make sure that we have the latest available version installed, the one that corrects this eighth critical security flaw. Chrome, normally, updates automatically, so we shouldn’t worry about anything. But, if we want to make sure, we only have to open the Chrome menu, and go to the section Help > About Google Chrome.
In the browser it has to appear that we have installed version 107.0.5304.122 (or any later) on both Windows and macOS or Linux. Otherwise, we may be in danger. If we already have this version installed, we don’t have to worry, since the vulnerability will be fixed, in addition to the other 7 critical bugs that have been fixed throughout this year:
- CVE-2022-0609 (February)
- CVE-2022-1096 (March)
- CVE-2022-1364 (April)
- CVE-2022-2294 (July)
- CVE-2022-2856 (August)
- CVE-2022-3075 (September)
- CVE-2022-3723 (October)
If we do not have the browser, and we are going to use it, when we install Chrome from scratch we will already be in this new version, so we will be able to browse safely and privately with Chrome without any problem.