Between all the scintillating
Black Friday deals and the Cyber Monday bargains that will follow, you may end up spending a lot of time surfing online retail stores for discounts. That's all well and good, but if you're among the more than 2 billion people who use Google's Chrome browser, take a moment to apply the latest emergency update to protect yourself from another zero-day security flaw.
Google started pushing out the patch on Thanksgiving, when you were likely preoccupied with gorging on turkey and watching a slate of football games (I don't care what the refs decided, that was a catch by Patriots tight end Hunter Henry). However, it's not one that should be overlooked. Tracked as CVE-2022-4135, this one carries a "High" severity rating.
That alone would be cause to pause what you're doing and apply the patch. But in this instance, Google states it is "aware that an exploit for CVE-2022-4135 exists in the wild." In other words, this isn't just a theoretical security hole, but one in which hackers have already developed an exploit for.
As is typically the case for this sort of thing, Google is withholding most details until a majority of users apply the latest patch. It's described as a "heap buffer overflow in GPU" bug and it affects Windows, Mac, and Linux.
While we don't know the full scope of the exploit, this kind of vulnerability paves the way for hackers to corrupt data and remotely execute code on a victim's PC. The US government's National Institute of Standards and Technology (NIST) agency goes a little further and says that CVE-2022-4135 allows a "remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
Not Seeing The Patch? Here's How To Get Google's Chrome Update Now
Incidentally, this is the eighth
zero-day vulnerability discovered in Chrome this year, with the others having been patched in February, March, April, July, August, September, and October. These updates typically get pushed to Chrome browsers automatically, though they may not get installed right away.
You can fast-track the process by manually initiating the update. To do this, click on the three vertical dots in the upper-right corner and navigate to Help > About Google Chrome. Chrome will then check for and download the latest build (
107.0.5304.121 as of this writing) and prompt you to restart your browser.