SINGAPORE: Google Chrome users should install the latest security updates following reports that hackers are exploiting a “zero-day vulnerability”, the Singapore Computer Emergency Response Team (SingCERT) said on Saturday (Nov 26).
The vulnerability is reportedly being “actively exploited”, said SingCERT.
“Successful exploitation of the vulnerability could allow attackers to overwrite the application’s memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution,” it added.
Chrome users are advised to upgrade their browser to version 107.0.5304.121 for macOS and Linux, and version 107.0.5304.121/122 for Windows to mitigate potential threats.
“Users are also encouraged to enable automatic updates in Chrome to ensure that their software is updated promptly,” said SingCERT.
Users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply relevant fixes as and when they become available.
The vulnerability was reported on Nov 22 by Clement Lecigne of Google’s Threat Analysis Group.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” said Google on its Chrome Releases website.
“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
This is the eighth zero-day vulnerability exploited in attacks this year, reported technology website Bleeping Computer.
The vulnerability is a heap buffer overflow in GPU, said Google.
“Attackers may use heap buffer overflow to overwrite an application’s memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution,” said Bleeping Computer.
