
Updates for Google Chrome for Windows (version 1.121/.122) and for Mac and Linux (version 1.121) were released last week, and Microsoft Edge received updates for the Windows and Mac versions of the application yesterday (stable channel version 1.62, extended stable channel version 1.86). The Google Chrome desktop app can be updated by opening the app and navigating to the Settings page. From here, selecting About Chrome displays the version of Chrome currently running and prompts you to download and install the update if the browser is not on the most recent version.

Tracked as CVE-2022-4135, this vulnerability exists due to a heap buffer overflow in the GPU in Chromium-based browsers, where a portion of memory allocated on the heap is overwritten, which often leads to crashes and denial of service. The overwrite can be performed without the data being written to memory being checked, so a sophisticated attacker could use this flaw to execute arbitrary code. The vulnerability involves a compromised renderer process, which is the process used to display the UI (User Interface) of the application using HTML, CSS, and JavaScript. An attacker can use a malicious HTML page they have designed to execute a sandbox escape attack, which frees the attack from the confines of the malicious HTML page and allows the attacker to access the victim's device for further attacks such as depositing malware.

Google and Microsoft have given this flaw a high severity rating, with a CVSS base score of 8.8; NIST, however, has rated it as critical severity, with a CVSS score of 9.6. The vulnerability in Chrome and other Chromium-based browsers is known to be publicly disclosed and has a verified exploit. To prevent this attack from affecting your device, updates for the affected Chromium-based browsers should be applied as soon as possible.


Microsoft has also alerted customers that the Chromium-based browser Microsoft Edge contains this vulnerability in both the Windows and Mac versions of the desktop app.

Google has released an emergency update for Chrome to patch a critical severity vulnerability present in the Chrome desktop app.
