Popular browsers Google Chrome, Mozilla Firefox, and Opera are often targeted by cybercriminals who want access to users’ personal data. A few days ago, Google released an emergency update to the Chrome browser for personal computers because developers discovered a serious vulnerability that allows attackers to cause a buffer overflow error in the GPU.
Unlike other exploits that other users have found, this time the bug was discovered internally. Google’s Threat Analysis Group is dedicated to finding vulnerabilities in its products and countermeasures against cyberthreats. Clement Lesin of the department discovered the problem on November 22, and a few days later it was reported to NIST. The update came out recently, and not all users have had time to install it on computers, in connection with which the company declined to report details of the error. However, Google representatives recommend updating Chrome as soon as possible.
If you go to the NIST database site and enter the problem code, you will get more detailed information about the found vulnerability. Buffer overflow leads to the fact that all data is written to closed memory areas without any checks. Due to this effect, hackers overwrite application memory and get free access to the information, or, even worse, the ability to execute arbitrary code.
In 2022, this is the eighth bug that was actively exploited by hackers to gain confidential user information. Despite the fact that developers are promptly releasing an update with a solution to the problem, many users’ devices are at risk. Approximately 70% of the identified vulnerabilities cause the program to fail when accessing device memory.