Quote
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser.
W
Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.
Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.
According to the NIST's National Vulnerability Database, the flaw could permit a "remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
"Google is aware that an exploit for CVE-2022-4135 exists in the wild," the tech giant acknowledged in an advisory.
W
Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.
Heap-based buffer overflow bugs can be weaponized by threat actors to crash a program or execute arbitrary code, leading to unintended behavior.
According to the NIST's National Vulnerability Database, the flaw could permit a "remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
"Google is aware that an exploit for CVE-2022-4135 exists in the wild," the tech giant acknowledged in an advisory.
Also, don't keep large amounts of money in Metamask. That is a foolish idea considering browsers are the most attacked software in the world, by virtue of being the most used.
