Google releases emergency fix for yet another zero-day

Google Chrome app is seen on an iPhone next to Edge and other web browser apps. Microsoft is using new prompts in Edge to try and stop users from downloading Chrome.

(Image credit: Tada Images / Shutterstock)

Google patched a high‑severity Chrome zero‑day alongside two medium‑severity flaws
Vulnerability likely tied to a LibANGLE buffer overflow enabling memory corruption and remote code execution
This marks Chrome’s eighth zero‑day fix this year, underscoring ongoing browser‑targeted attacks

Google recently updated its Chrome browser to protect against a high-severity vulnerability that was being abused in the wild as a zero-day.

In a security advisory published earlier this week, the browser giant said it fixed three bugs for Chrome, including two medium-severity ones, and one high-severity.

For the latter, Google said it was “aware that an exploit exists in the wild.” Other details were not disclosed, in order to protect the users as the patch rolls out. This is standard practice for Google, withholding key details from the users - but also from cybercriminals and other hackers.

Crashing the browser

Exact dates when the patch is expected to roll out is unknown, Google confirmed it will be coming to most users “over the coming days/weeks”. The Stable channel has been updated to 143.0.7499.109/.110 for Windows/Mac, and 143.0.7499.109 for Linux, and when we checked, the update was already installed.

There is no official confirmation on what the bug is, but according to the Chromium bug ID, it was found in Google’s open-source LibANGLE library, BleepingComputer reports. LibANGLE is a translation layer that converts OpenGL ES calls into other graphics APIs, usually Direct3D on Windows. It lets browsers and apps run WebGL and OpenGL ES content even if the operating system doesn’t support those APIs natively.

The same source claims the bug is most likely a buffer overflow vulnerability in ANGLE’s Metal renderer, caused by improper buffer sizing. Crooks could have used the bug to corrupt memory, crash the browser, leak sensitive data, or even execute arbitrary code, remotely.

This is the eighth zero-day vulnerability that Google fixed in its Chrome browser. Last year, the company addressed ten such vulnerabilities.

Browsers are one of the most used pieces of software on a computer and as such, are always the target of different hacking campaigns.

Via BleepingComputer

The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.