Google ships 8th emergency Chrome update for Mac to fix ‘high-severity’ flaw
For the eighth time this year, Google has issued an emergency Chrome for Mac update that patches a severe security flaw that has been exploited in the wild. All users should immediately update to version 107.0.5304.121.
The update contains a single fix to a heap buffer overflow in GPU. The CVE program tracks the vulnerability, which was reported by Clement Lecigne of Google’s Threat Analysis Group on November 22, as CVE-2022-4135. As Bleeping Computer explains, heap buffer overflow “is a memory vulnerability resulting in data being written to forbidden (usually adjacent) locations without check.”
Google previously patched Chrome for Mac in late October and has shipped numerous updates to fix high-severity zero-days this year:
- CVE-2022-3723 (October 28)
- CVE-2022-3075 (September 2)
- CVE-2022-2856 (August 17)
- CVE-2022-2294 (July 4)
- CVE-2022-1364 (April 14)
- CVE-2022-1096 (March 25)
- CVE-2022-0609 (February 14)
The update is rolling out to Mac users, but you can get it manually by going to Preferences > About Chrome > Check for Update. Then click Relaunch to install the update.