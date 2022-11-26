



Google LLC has begun deploying patches for high-severity security vulnerabilities affecting the desktop version of the Chrome browser.

The company revealed the move in a blog post on Thursday. This vulnerability, tracked as CVE-2022-4135, affects Windows, Mac, and Linux editions of Chrome. Google said the patch will be rolled out over the next few days and weeks.

Google is aware that an exploit for CVE-2022-4135 does exist, the company said in a blog post. The presence of exploits suggests that hackers may be targeting vulnerable installations of Chrome.

Researchers use an industry-standard framework called CVSS to measure the severity of software vulnerabilities. According to Google, the severity of CVE-2022-4135 is ranked high in his CVSS framework. This is his second highest severity ranking after the vulnerability is critical.

CVE-2022-4135 affects a component of Chrome known as the renderer process. When a user visits a web page, Chrome downloads that page in the form of a collection of code files. The Chrome renderer process is responsible for turning code files into functional web pages that users can interact with.

For cybersecurity reasons, our browser runs each web page in a so-called sandbox. A sandbox blocks code in your page from accessing key components of the user’s operating system. According to Google, this makes it more difficult for malicious code to gain a foothold on users’ computers.

CVE-2022-4135 is a newly patched vulnerability in Chrome that could allow hackers to bypass Chrome’s sandboxing mechanism. Bypassing the mechanism makes it easier for malware to tweak the user’s operating system. According to instructions released by the National Institute of Standards and Technology, a hacker can use a malicious web page to target him with CVE-2022-4135.

This vulnerability opens the door to cyberattacks as it allows hackers to cause what is known as a heap buffer overflow.

Programs like Chrome store both code and the data they process in the memory of the user’s computer. The memory used during program execution is divided into sections called buffers. One buffer might contain a portion of Chrome’s source code, and another buffer might contain a portion of her web page that the user opened.

A buffer overflow occurs when more data is written than the buffer can hold. Extra data is written to other buffers, overwriting the information they contain. Hackers can use this phenomenon to overwrite parts of the program with malicious code.

Google’s patch for Chrome’s buffer overflow vulnerability comes about three months after the company fixed another high-severity vulnerability that affected the browser. According to Google, the latter vulnerability was found in one of Chrome’s runtime libraries. A run-time library is a piece of software that another program depends on to work.

