Google has released an update for a very serious zero-day vulnerability known as CVE-2022-4135 that affects the Chrome browser.
The search giant has said that an exploit for the vulnerability, discovered by French security researcher Clement Lecigne, exists in the wild, meaning users could be at risk.
Google said it won’t release much information about the nature of the vulnerability “until a majority of users have been updated with a fix” and that it “will also maintain restrictions if the bug exists in a third-party library that other projects similarly depend on, but have not yet fixed”.
So, what do we know?
Google did reveal that the vulnerability is an example of what’s called a “heap buffer overflow,” a type of buffer overflow in which the buffer that can be overwritten resides in the “heap” portion of system memory.
Releasing more detail could tip off adversaries about the vulnerability before the vast majority of Google Chrome users are fully patched.
Users who want to avoid the risk of being affected are advised to update to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, both sets rolling out in the coming days and weeks.
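For administrators checking many machines against the fixed builds above, the following is an added example (not from Google or the original article) that sorts reported Chrome version strings into patched, vulnerable and unknown. The host names and the inventory are constructed sample data, and the script assumes each report contains a four-part version number such as the one `google-chrome --version` prints.

```python
import re

# Fixed builds named in the article: 107.0.5304.121 (Mac, Linux) and
# 107.0.5304.121/.122 (Windows). The lowest fixed build is the same everywhere.
FIXED = (107, 0, 5304, 121)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version report."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable report: needs manual follow-up
    # Compare as integer tuples; comparing strings would rank ".99" above ".121".
    return "patched" if v >= FIXED else "vulnerable"


def triage(inventory):
    """Group hosts by status; inventory maps host name -> reported version text."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        result[classify(text)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts), not real data.
SAMPLE = {
    "mac-014": "Google Chrome 107.0.5304.121",
    "lin-203": "Google Chrome 107.0.5304.110",
    "win-077": "107.0.5304.122",
    "win-081": "106.0.5249.119",
    "lin-310": "Google Chrome 108.0.5359.71",
    "kiosk-02": "chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```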
Google’s flagship Chrome browser has certainly suffered a steady stream of security vulnerabilities over the past few years.
According to Microsoft, the browser currently has a market share of about 66 percent (data from StatCounter), and 303 vulnerabilities were discovered in it between January 1, 2022 and October 5, 2022 according to data from
In contrast, in Safari, only 26 vulnerabilities were revealed in the same period, while Microsoft Edge had 103 vulnerabilities and Mozilla Firefox came in second with 117 vulnerabilities.
According to a report from cybersecurity firm Avertium, the vulnerability could have allowed attackers to trick Chrome into running malware.