Google patches yet another Chrome zero-day bug – update your browser now


If you use Google Chrome on desktop, you need to update your browser now as Google has released a new emergency security update which patches a rather serious zero-day vulnerability.

As reported by Bleeping Computer, this high-severity flaw (tracked as CVE-2022-4135) was discovered by the search giant’s own Threat Analysis Group on November 22. To make matters worse, Google has highlighted in a blog post from the Chrome team that the flaw is currently being exploited in the wild.

This latest zero-day vulnerability is a heap buffer overflow in GPU, according to Google security engineer Clément Lecigne, who is credited with discovering it. A heap buffer overflow is a memory vulnerability that an attacker can exploit to overwrite a program’s memory. This could give them unrestricted access to other data stored on your computer or even allow them to execute arbitrary code.

Eight zero-day flaws patched this year


The Chrome team at Google has been quite busy patching zero-day vulnerabilities: so far this year, security updates have been rolled out to fix eight of them.

Unlike ordinary vulnerabilities, zero-day vulnerabilities pose a higher risk to users, as cybercriminals often try to exploit them in their attacks. Zero-days are discovered by an attacker or security researcher before a company has a chance to patch them. Since no fix is available yet, attacks that exploit a zero-day vulnerability are more likely to succeed.

While the fact that Google has patched eight zero-day vulnerabilities in Chrome in 2022 alone may seem alarming, it actually shows that the company is serious about ensuring its software is secure. It would be much worse if Chrome weren’t receiving regular security updates, as the search giant’s browser would be more vulnerable to attacks.

How to update Google Chrome


Keeping Chrome updated is actually quite easy, and Google now even uses color-coded icons to let you know your browser is out of date. If the update icon at the top right of your browser is green, an update was released less than two days ago. Orange indicates an update was released around four days ago, and red means an update was released at least a week ago.

You can also manually update your browser by clicking on the three-dot menu on the right of Chrome. From here, scroll down to “Help” and click on “About Google Chrome”. On this page you will either see a button that says “Update Google Chrome” or your browser may start downloading the latest update automatically. Either way, you will need to relaunch Chrome to apply the latest version of Google’s browser.

Keeping Chrome updated is very important, especially if you use Google Password Manager to save and store your passwords. Cybercriminals often like to steal cookies and other data stored in your browser, which is why you might want to consider using one of the best password managers instead.

Anthony Spadafora
Senior Editor Security and Networking
