Advertisement

News

Google releases emergency update for Chrome

Google releases emergency update for Chrome
Martin Brinkmann

Martin Brinkmann

Google released a new security update for its Chrome web browser for desktop systems and Android. The update fixes a security issue that is exploited in the wild, according to Google.

The issue affects Chrome for Windows, Linux, Mac and Android, according to Google.

The security issue affects Chromium, the source that Chrome and other browsers, such as Microsoft Edge, Brave or Opera use. As such, it is not Chrome-specific, but an issue that affects all these browsers.

Chrome Download Now

Chrome users should update the web browser immediately to resolve the issue.

How to install the Chrome security update

Chrome up to date on Windows

Google Chrome installs updates automatically by default, but this does not happen in real-time. Desktop versions of Chrome support manual updates, and this is how it is done:

  1. Open the Chrome web browser on the computer.
  2. Load chrome://settings/help in the browser’s address bar, or, select Menu > Help > About Google Chrome if you prefer this way.
  3. Chrome displays the installed version and runs a check for updates. Any new update is downloaded and installed at this point.
  4. A restart is required to complete the process.

One of the following Chrome version needs to be listed on the Help page after the update:

  • Google Chrome on Mac or Linux: 107.0.5304.121
  • Chrome on Windows: 107.0.5304.121 or 107.0.5304.122
  • Chrome Extended Stable channel: 106.0.5249.199

There is no option to install a Chrome update for Android using the method described above.

The Chrome vulnerability

Google confirmed that the update addresses a single security issue in the web browser. The official release notes page reveals that it is a heap buffer overflow issue in the GPU. Google does not provide detailed information about vulnerabilities.

Without going into too many details, heap buffer overflow issues may lead to the execution of arbitrary code. Google confirms that the issue is exploited in the wild, which means that attacks take place at the time of writing.

The CVE-2022-4135 record lists additional information on the issue at hand:

“Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

The issue affects all old versions of the Chrome browser, both on the Stable and Extended Stable channel. The description highlights that the attack is web-based, using a specially crafted HTML page to exploit the issue. In other words: all it takes is to visit a webpage in Chrome to run the risk of being attacked successfully.

Google fixed 10 security issues in Chrome 107, which it released two weeks ago.

Other Chromium-based browsers

Brave Browser fully updated

The security issue affects all Chromium-based browsers; this includes Microsoft Edge, Brave, Vivaldi and Opera.

Only Brave Software, maker of the Brave Browser, released a security update for the browser so far. The company confirmed the release of the security update on its Twitter account.

Brave users may load brave://settings/help or select Brave Icon > Help > About Brave to display the current version. New updates are downloaded and installed automatically when the page is opened.

Martin Brinkmann

Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. Martin started his career as a tech support representative at a large German financial corporation which he used to finance his college education in English, Information Technology and History.

Latest from Martin Brinkmann

You may also like

  1. June 2023 Gaming Lineup: A Sneak Peek at the Hottest Video Game Releases

    June 2023 Gaming Lineup: A Sneak Peek at the Hottest Video Game Releases

    Read more
  2. Spider-Man vs. Doctor Octopus: High-Stakes Board Game Brings Life-or-Death Operation Drama

    Spider-Man vs. Doctor Octopus: High-Stakes Board Game Brings Life-or-Death Operation Drama

    Read more
  3. Must-Watch Matchup: Alcaraz vs. Djokovic at Roland Garros 2023 – How to Watch Live

    Must-Watch Matchup: Alcaraz vs. Djokovic at Roland Garros 2023 – How to Watch Live

    Read more
  4. Spotify’s Latest Updates Bring Devastating News for Podcasting Community

    Spotify’s Latest Updates Bring Devastating News for Podcasting Community

    Read more
  5. Has Street Fighter 6 Failed to Live Up to Expectations? Sales Figures Revealed

    Has Street Fighter 6 Failed to Live Up to Expectations? Sales Figures Revealed

    Read more
  6. Bizarre Robbery Fail: Florida Man’s Hilariously Stupid Attempt to Rob a Phone Store

    Bizarre Robbery Fail: Florida Man’s Hilariously Stupid Attempt to Rob a Phone Store

    Read more