Patch Google Chrome now to fix this emergency security flaw

(Image credit: Shutterstock)

Google has released an update for a high-severity zero-day vulnerability, known as CVE-2022-4135, which impacts its Chrome browser.

The search giant said that an exploit for the vulnerability, detected by the French security researcher Clement Lecigne, exists in the wild, meaning users could be at risk.

Google said it won't disclose much information about the nature of the vulnerability "until a majority of users are updated with a fix" and that it "will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed".

So, what do we know?

Google was able to disclose that the vulnerability was an example of what's called a "heap buffer overflow", a variety of buffer overflow where a buffer that is vulnerable to overwriting is located in the "heap" portion of the system's memory.

Disclosing anymore could "tip off" bad actors about the vulnerability before the vast majority of Google Chrome's users are fully patched.

Users who want to avoid the risk of being impacted are advised to update to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which are both sets that will roll out over the coming days and weeks.

Google's flagship Chrome browser has certainly racked up a stable number of security vulnerabilities in recent years.

The browser currently boasts around 66 percent market share according to data from StatCounter, and has had 303 vulnerabilities unearthed between January 1, 2022, to October 5, 2022 according to data from

In contrast, Safari only had 26 vulnerabilities revealed in the same time period, while Microsoft Edge had 103 vulnerabilities,s and Mozilla Firefox came in second place with 117 vulnerabilities.

> Google Chrome for Android is getting a huge update for tablets

> Google Chrome extensions could pose high security risk, researchers fear

> Our guide to the best firewalls

This includes a zero-day vulnerability called CVE-2022-3723 uncovered earlier this month, which apparently represented a "Type Confusion flaw" which impacted Chrome’s V8 JavaScript engine.

As per a report from cybersecurity company Avertium, the vulnerability could have potentially enabled bad actors to dupe Chrome into running malignant malware.

Interested in keeping your organization safe? Check out our guide to the best endpoint protection

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.