Cyber Monday is one of my favorite non-holiday holidays. You go to work and pretend to get stuff done when in reality, you spend most of the day shopping online and thinking about the leftovers you packed for lunch. However, before you start your shopping spree this Cyber Monday, you may want to take a few minutes to ensure your Chrome client is up to date.
What we know about CVE-2022-4135
Tracked as CVE-2022-4135, this is Google Chrome’s eighth zero-day vulnerability of 2022. It was discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22. While the vulnerability has been identified as a heap buffer overflow in GPU, Google has kept many of the details confidential to limit exposure while it distributes the patch.
According to the NIST National Vulnerability Database, the vulnerability “allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”
Patch before you shop
As with most security risks, the best way to remediate the vulnerability is to ensure that affected devices get patched as soon as possible. So before you go online shopping to get your favorite tech blogger that pair of Sony WH-1000XM5s they’ve always wanted, you should make sure you’re rocking the latest version (107.0.5304.121/.122) of Chrome first. How? I’m glad you asked. Here’s how to check what version of Google Chrome you’re using and update it.
In Google Chrome, click the three dots button, click Help, and then click About Google Chrome.
Once on the About Chrome settings page, Chrome should automatically check for and download the latest update.
Once the update downloads, click Relaunch to close and relaunch Chrome and finish installing the patch.
With Chrome patched, you’re ready to spend Cyber Monday how it was meant to be celebrated: pretending to work while racking up credit card debt.
How to patch Google Chrome the sysadmin way
What’s that? You’re a sysadmin? I knew there was something special about you. That probably means you’ve got hundreds or thousands of devices to update before you can enjoy Cyber Monday. No worries. With PDQ Deploy and Inventory, you can get your patches deployed before that discounted Lego set you’ve been eyeing sells out. Here’s how.
In PDQ Deploy, click Package Library.
In the filter field, enter Chrome.
Select the Google Chrome Enterprise package.
Click Download Selected (As Auto Download).
Once the package finishes downloading, right-click on the package and click Deploy Once.
Click Choose Targets > PDQ Inventory > Collection.
Expand Collection Library > Applications > Internet Browsers > Chrome Enterprise, then select the Chrome Enterprise (Old) collection, then click OK.
Verify your targets, then click Deploy Now.
Once the deployments wrap up, head on over to your favorite online retailer and buy that Lego Millennium Falcon; you’ve earned it.
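To confirm the deployment actually landed, a check like the following can be run on a target machine. It is an added example, not code from PDQ or Google. It assumes a Windows endpoint where Chrome has registered chrome.exe under the standard App Paths registry key, and it uses the fixed version named above (107.0.5304.121) as the minimum.

```powershell
# Added example: report whether the local Chrome install is at or above the
# patched build named in this article (107.0.5304.121 for CVE-2022-4135).
$FixedVersion = [version]'107.0.5304.121'

function Get-ChromePath {
    # Assumption: Chrome registered chrome.exe under App Paths.
    # HKLM covers machine-wide installs, HKCU covers per-user installs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe'
    )
    foreach ($key in $keys) {
        $path = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($path -and (Test-Path -LiteralPath $path)) { return $path }
    }
    return $null
}

function Test-ChromePatched {
    # Compare as [version] objects so 107.0.5304.99 sorts below 107.0.5304.121
    # (a plain string comparison would get this wrong).
    param(
        [Parameter(Mandatory)][version]$Installed,
        [version]$Fixed = $FixedVersion
    )
    return $Installed -ge $Fixed
}

$chrome = Get-ChromePath
if (-not $chrome) {
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Chrome = 'not installed'; Patched = $null }
    exit 0
}

# The version stamped on chrome.exe is the installed build.
$installed = [version](Get-Item -LiteralPath $chrome).VersionInfo.ProductVersion
$patched   = Test-ChromePatched -Installed $installed

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Chrome   = $installed.ToString()
    Patched  = $patched
}

# A non-zero exit code lets a deployment or inventory tool flag the machine.
if (-not $patched) { exit 1 }
```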
’Tis the season for patching
Holidays are stressful enough without zero-day vulnerabilities to worry about. Let PDQ Deploy and Inventory help keep your devices up to date automatically so that you can spend more time watching Black Friday doorbuster disaster videos online while eating leftovers. Try out Deploy and Inventory for yourself with a 14-day free trial.
While Chrome exploits are not to be taken lightly, I’m hoping Santa buffer overflows my stocking this year for being extra good and keeping my devices up to date. I also wouldn’t mind if cybercriminals made the naughty list and got a visit from Robot Santa Claus from Futurama. Fingers crossed!