Google pushes emergency Chrome update to fix 8th zero-day in 2022

Honest question: where do all of the new zero day vulnerabilities come from, new features/code? Just new bug detection techniques? I'd think over time entropy would get us to a point where there's hardly any vulnerabilities at all, but that's clearly not the case.

<a href="https:&#x2F;&#x2F;nvd.nist.gov&#x2F;vuln&#x2F;detail&#x2F;CVE-2022-4135" rel="nofollow">https:&#x2F;&#x2F;nvd.nist.gov&#x2F;vuln&#x2F;detail&#x2F;CVE-2022-4135</a><p>“Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)”

I’m confused. If it’s a “heap buffer overflow in the GPU”, does this fix the chrome path to exploit and leave the driver for the manufacturer to patch ?<p>Or perhaps the bug is not actually “in the gpu “ ?

If they are fixing it is it a zero-day? What does that mean in this context?