Issued: Tuesday, 29 November, 2022 |
Last Revision: Tuesday, 29 November, 2022 |
Vendor: |
Product: |
Severity Level: |
Summary:
Google has released an emergency update to fix the actively exploited zeroday vulnerability in its Chrome web browser. The exploited vulnerability is (CVE2022-4135) described as a heap buffer overflow in the GPU component.
The vulnerability allows remote attacker to potentially perform a sandbox escape via a crafted HTML page. This means, malicious contents can bypass sandboxed environments to execute arbitrary commands on the victim machine.
CVE/Vulnerability | Affected Version | CVSS Score | Exploitable |
CVE-2022-4135 | Google Chrome versions prior to 107.0.5304.121 |
| Yes |
Recommendation:
Google had released the updated version for the affected products. It is recommended to update the affected versions to latest one.
References: