Google warns of zero-day vulnerability in Chrome

It added that a successful exploitation of the vulnerability could allow attackers to overwrite the application's memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution.

Users of Chrome are advised to upgrade their browser to version 107.0. Version 107.0 for macOS and Linux and 5304.121 for macOS and Linux. It's possible to mitigate potential threats with 5304.121 122 for Windows.

The users are encouraged to enable automatic updates in Chrome to make sure their software is updated quickly, said SingCERT.

Users of chromium-based browsers, such as Microsoft Edge, Brave, Opera and Vivaldi, are advised to apply relevant fixes as and when they become available.

The vulnerability was reported on November 22 by Clement Lecigne of Google's Threat Analysis Group.

Access to bug details and links can be restricted until a majority of users are updated with a fix, according to Google's Chrome Releases website.

We will retain restrictions if the bug exists in a third-party library that other projects depend on, but haven't yet fixed. This is the eighth zero-day vulnerability exploited in attacks this year, according to Bleeping Computer.

The vulnerability is a heap buffer overflow in a GPU, said Google.

Attackers may use heap buffer overflow to overwrite an application's memory to manipulate its execution path, resulting in unrestricted information access or arbitrary code execution, said Bleeping Computer.