[Security Awareness – Vulnerability Alert] High-Risk Zero-Day Vulnerability Found in Google Chrome – Users Urged to Install Updates Promptly

July 11, 2023 圖資資訊處

ANA Incident Notification: TACERT-ANA-2022120502123838

Educational Institutions ANA Reporting Platform

Release Number: TACERT-ANA-2022120502123838
Release Time: 2022-12-05 14:51:40
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2022-12-02 19:05:30
Impact Level: Medium

[Subject Explanation:] [Vulnerability Alert] High-Risk Zero-Day Vulnerability Found in Google Chrome – Users Urged to Install Updates Promptly

[Content Explanation:]

Forwarded from Chinese National Information Security notice CHTSecurity-ANA-202212-0003: Google has recently released an urgent update for the desktop version of the Chrome browser to patch a severe zero-day vulnerability. The vulnerability is known to have been exploited extensively by hackers in various attacks. Tracked as CVE-2022-4135, it is a heap buffer overflow in Chrome's GPU (graphics processing unit) component and was identified by Google's Threat Analysis Group, the company's security team.

Such errors are typically classed as memory vulnerabilities, which allow attackers to bypass system restrictions and write data. In the case of CVE-2022-4135, attackers can access information within restricted areas and execute arbitrary code remotely. The new version of the Chrome browser released by Google is 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac/Linux. These versions fix the CVE-2022-4135 zero-day vulnerability, and users should receive the update automatically when they open the Chrome browser.

Given the high market share of Google Chrome, users should be particularly cautious and apply available updates promptly to avoid falling victim to attacks exploiting unpatched vulnerabilities.

Information sharing level: WHITE (information suitable for public disclosure).

We kindly request your assistance in disseminating this information.

[Affected Platforms:] Google Chrome versions prior to 107.0.5304.121/122

[Recommendations:] Update Google Chrome to version 107.0.5304.121/122 or later.
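A fleet check for the recommendation above, as an added example that is not part of the original advisory: it compares reported Chrome versions against the fixed builds this advisory lists per platform. The inventory format, hostnames and sample rows are constructed assumptions.

```python
import re

# Fixed builds exactly as stated in this advisory, per platform.
FIXED = {
    "windows": (107, 0, 5304, 121),
    "mac": (107, 0, 5304, 122),
    "linux": (107, 0, 5304, 122),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def assess(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one host."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unreadable data needs manual follow-up
    # Tuple comparison is numeric per component, so 5304.99 < 5304.121
    # (a plain string comparison would rank them the other way round).
    return "patched" if version >= fixed else "vulnerable"

def audit(rows):
    """rows: iterable of (hostname, platform, version_text)."""
    return {host: assess(platform, text) for host, platform, text in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("lab-pc-01", "Windows", "Google Chrome 107.0.5304.121"),
    ("lab-pc-02", "Windows", "Google Chrome 107.0.5304.99"),
    ("lib-mac-01", "Mac", "Google Chrome 107.0.5304.121"),
    ("srv-lnx-01", "Linux", "Google Chrome 108.0.5359.71"),
    ("kiosk-07", "Linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.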

[Reference Information:]

  1. https://www.twcert.org.tw/tw/cp-104-6748-fb440-1.html
  2. https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10212