Comments

GroundbreakingGur930 OP t1_iy1rzmg wrote

Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.

The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in GPU, discovered by Clement Lecigne of Google's Threat Analysis Group on November 22, 2022.

"Google is aware that an exploit for CVE-2022-4135 exists in the wild," reads the update notice.

As users need time to apply the security update on their Chrome installations, Google has withheld details about the vulnerability to prevent expanding its malicious exploitation.

In general, heap buffer overflow is a memory vulnerability resulting in data being written to forbidden (usually adjacent) locations without check.

Attackers may use heap buffer overflow to overwrite an application's memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution.

Chrome users are recommended to upgrade to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which addresses CVE-2022-4135.

To update Chrome, head to Settings → About Chrome → Wait for the download of the latest version to finish → Restart the program.

9

bwburke94 t1_iy1s4x0 wrote

Chrome's become the modern equivalent of Internet Explorer in terms of vulnerability.

Difference is, they're a lot quicker at patching them!

10

Rudy69 t1_iy1vswh wrote

Ugh I’ll have to lose all my porn tabs again? Fuck

1

ArthurWintersight t1_iy1z8z3 wrote

I stopped using Firefox for two weeks when Brendan Eich's prop 8 bullshit came out, and when he was forced out of the company I went right back to using Firefox. The homophobe was gone, Mozilla was clear about supporting gay rights, so there wasn't really a good reason to maintain the boycott.

I've been using Firefox since 2005 or so, with only those two weeks where I used Chrome, until Eich was gone.

−2

8tCQBnVTzCqobQq t1_iy270r7 wrote

Google rated that CVE High, not Critical. This is not an emergency update.

1

dirtynj t1_iy2a1rb wrote

People on here have decided to rave about Edge (since it's Chromium-based now) as the 2nd coming and trash Chrome (bloated! uses so much RAM)... when in reality they are 99% identical. I've run both browsers on low and high-end machines, there are only minor differences (Chrome DOES run better with more RAM, however, Edge wants to integrate itself into every part of your Windows OS/accounts).

Both are good browsers. Chrome will just get the hate from being so popular. I'd like to say Switch to FF from a privacy perspective, but Google has all my info anyway, so I've already crossed that bridge.

And personally (yes, this is anecdotal), Chrome still performs better than Edge on my 10th gen i7 with 24 GB of RAM in virtually every type of task I throw at it. Edge is a good backup browser for me, but I understand if you want to make it your main one - it's a far cry from where Edge used to be.

7

happyscrappy t1_iy2epy8 wrote

> Most Linux machines don’t make it into the hands of the most of us.

As general purpose computers. So many devices you use are Linux machines. And some of those security issues affect them.

For example my WiFi base station appears to be a Linux machine.

6

moto_trip69 t1_iy3s3b8 wrote

Why is it called a zero-day exploit?

1