Active Exploitation of a Zero-day Vulnerability in Chrome Web Browser.
Google has released a security update to address a zero-day vulnerability (CVE-2022-4135) in their Chrome Web Browser. The vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerability could allow attackers to overwrite the application's memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution.
Chrome users are advised to upgrade their browser to version 107.0.5304.121 for macOS and Linux, and version 107.0.5304.121/.122 for Windows to mitigate potential threats. Users are also encouraged to enable automatic updates in Chrome to ensure that their software is updated promptly.
Users of Chromium-based browsers (e.g. Microsoft Edge, Brave, Opera, Vivaldi, etc.) are also advised to apply relevant fixes as and when they become available.
The previous seven zero-day fixes are:
- CVE-2022-3723 – October 28th
- CVE-2022-3075 – September 2nd
- CVE-2022-2856 – August 17th
- CVE-2022-2294 – July 4th
- CVE-2022-1364 – April 14th
- CVE-2022-1096 – March 25th
- CVE-2022-0609 – February 14th