ZDNET reports that Google has rolled out a Chrome update aimed at addressing an actively exploited zero-day vulnerability.
Threat actors have been exploiting the high-severity flaw, tracked as CVE-2022-4135, which Google describes as a "heap buffer overflow in GPU." Google has already issued the fix in Chrome 107.0.5304.121 for Mac and Linux, and 107.0.5304.121/.122 for Windows. While Google has chosen not to reveal details of the vulnerability until most users have applied the update, NIST's National Vulnerability Database noted that the flaw could be leveraged by remote attackers in the graphics rendering process to facilitate an escape from the Chrome sandbox.
"Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page," said NIST.
Users have been urged to update Chrome immediately, even though the flaw may have been used in targeted attacks.
Google Chrome zero-day addressed