New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google
on
Tuesday
rolled
out
patches
for
Chrome
browser
for
desktops
to
contain
an
actively
exploited
high-severity
zero-day
flaw
in
the
wild.

Tracked
as

CVE-2022-2856
,
the
issue
has
been
described
as
a
case
of
insufficient
validation
of
untrusted
input
in

Intents
.
Security
researchers
Ashley
Shen
and
Christian
Resell
of
Google
Threat
Analysis
Group
have
been
credited
with
reporting
the
flaw
on
July
19,
2022.

As
is
typically
the
case,
the
tech
giant
has
refrained
from
sharing
additional
specifics
about
the
shortcoming
until
a
majority
of
the
users
are
updated. “Google
is
aware
that
an
exploit
for
CVE-2022-2856
exists
in
the
wild,”
it

acknowledged

in
a
terse
statement.

The
latest
update
also
addressed
10
other
security
flaws,
most
of
which
relate
to
use-after-free
bugs
in
various
components
such
as
FedCM,
SwiftShader,
ANGLE,
and
Blink,
among
others.
Also
fixed
is
a
heap
buffer
overflow
vulnerability
in
Downloads.

The
development
marks
the
fifth
zero-day
vulnerability
in
Chrome
that
Google
has
resolved
since
the
start
of
the
year

Users
are
recommended
to
update
to
version
104.0.5112.101
for
macOS
and
Linux
and
104.0.5112.102/101
for
Windows
to
mitigate
potential
threats.
Users
of
Chromium-based
browsers
such
as
Microsoft
Edge,
Brave,
Opera,
and
Vivaldi
are
also
advised
to
apply
the
fixes
as
and
when
they
become
available.

Leave a Reply

Your email address will not be published. Required fields are marked *