Google pushes urgent Chrome fix just in time for Cyber Monday

Brock Bingham candid headshot
Brock Bingham|November 28, 2022
Chrome vulnerability featured blog image
Chrome vulnerability featured blog image

Cyber Monday is one of my favorite non-holiday holidays. You go to work and pretend to get stuff done when in reality, you spend most of the day shopping online and thinking about the leftovers you packed for lunch. However, before you start your shopping spree this Cyber Monday, you may want to take a few minutes to ensure your Chrome client is up to date.

What we know about CVE-2022-4135

Tracked as CVE-2022-4135, this new exploit is Google Chrome’s eighth zero-day vulnerability of 2022 and was discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22. While the vulnerability has been identified as a heap buffer overflow in GPU, Google has kept many details about the exploit confidential to limit exposure while they distribute the patch to resolve the vulnerability.

According to the NIST National Vulnerability Database, the vulnerability “allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

Patch before you shop

As with most security risks, the best way to remediate the vulnerability is to ensure that affected devices get patched as soon as possible. So before you go online shopping to get your favorite tech blogger that pair of Sony WH-1000XM5s they’ve always wanted, you should make sure you’re rocking the latest version (107.0.5304.121/.122) of Chrome first. How? I’m glad you asked. Here’s how to check what version of Google Chrome you’re using and update it.

  1. In Google Chrome, click the three dots button, click Help, and then click About Google Chrome.

    Navigating to the About Google Chrome settings page

  2. Once on the About Chrome settings page, Chrome should automatically check for and download the latest update.

  3. Once the update downloads, click Relaunch to close and relaunch Chrome and finish installing the patch.

    Relaunch Google Chrome to finish installing the update

With Chrome patched, you’re ready to spend Cyber Monday how it was meant to be celebrated: pretending to work while racking up credit card debt.

How to patch Google Chrome the sysadmin way

What’s that? You’re a sysadmin? I knew there was something special about you. That probably means you’ve got hundreds or thousands of devices to update before you can enjoy Cyber Monday. No worries. With PDQ Deploy and Inventory, you can get your patches deployed before that discounted Lego set you’ve been eyeing sells out. Here’s how.

  1. In PDQ Deploy, click Package Library.

  2. In the filter field, enter Chrome.

  3. Select the Google Chrome Enterprise package.

  4. Click Download Selected (As Auto Download).

    Downloading the Google Chrome package from the package library

  5. Once the package finishes downloading, right-click on the package and click Deploy Once.

    Deploying the Google Chrome package in PDQ Deploy

  6. Click Choose Targets > PDQ Inventory > Collection.

    Adding a PDQ Inventory collection as the deployment target

  7. Expand Collection Library > Applications > Internet Browsers > Chrome Enterprise, then select the Chrome Enterprise (Old) collection, then click OK.

    Select the Chrome Enterprise Old collection.

  8. Verify your targets, then click Deploy Now.

    Start the deployment by clicking Deploy Now

Once the deployments wrap up, head on over to your favorite online retailer and buy that Lego Millennium Falcon; you’ve earned it.

‘Tis the season for patching

Holidays are stressful enough without zero-day vulnerabilities to worry about. Let PDQ Deploy and Inventory help keep your devices up to date automatically so that you can spend more time watching Black Friday doorbuster disaster videos online while eating leftovers. Try out Deploy and Inventory for yourself with a 14-day free trial.

While Chrome exploits are not to be taken lightly, I’m hoping Santa buffer overflows my stocking this year for being extra good and keeping my devices up to date. I also wouldn’t mind if cybercriminals made the naughty list and got a visit from Robot Santa Claus from Futurama. Fingers crossed!

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles