"Google Releases Patch for Zero-Day Chrome Vulnerability"

Google has started rolling out a patch for a critical security flaw affecting the desktop version of its Chrome browser. The vulnerability, tracked as CVE-2022-4135, impacts Chrome for Windows, Mac, and Linux. Google is aware of an exploit for the high-severity vulnerability in the wild, implying that hackers may be targeting vulnerable Chrome installations.

The flaw affects a Chrome component known as the renderer process. When a user visits a web page, Chrome downloads it as a collection of code files. Chrome's renderer process is in charge of converting the code files into a working web page with which the user can interact. Google's browser runs each web page in a sandbox for security reasons. The sandbox prevents page code from accessing critical components of the user's operating system, making it more difficult for malicious code to infiltrate the user's computer. The newly patched Chrome vulnerability may allow hackers to circumvent Chrome's sandbox mechanism. Sidestepping the mechanism enables malware to easily manipulate the user's operating system.

According to the National Institute of Standards and Technology (NIST), hackers can use malicious web pages to target CVE-2022-4135. Because the vulnerability allows hackers to create a heap buffer overflow, it opens the door to cyberattacks. Chrome stores its code and the data it processes in the memory of the user's computer. While a program is running, its memory is divided into sections known as buffers. One buffer may contain some of Chrome's source code, while another may contain some of the web page that the user has opened. When more data is written to a buffer than it can hold, the buffer overflows. Excess data is written to other buffers, overwriting the data in them. Hackers can exploit this to replace parts of a program with malicious code.

This article continues to discuss the high-severity security vulnerability affecting the desktop version of Google's Chrome browser.

SiliconANGLE reports "Google Releases Patch for Zero-Day Chrome Vulnerability"

 

Submitted by Anonymous on