Google issues another update to fix a zero-day in Chrome

Google issued an update to the Stable channel of its Chrome browser on Wednesday containing a patch for a vulnerability that is currently being exploited in the wild.

According to Google’s alert, CVE-2022-2856 is a case of “insufficient validation of untrusted input in Intents.” Intents are often used to pass data from one program to another, for example by the share button in Chrome’s address bar. As the Dark Reading blog points out, input validation flaws are a common coding error.

Ashley Shen and Christian Resell of the Google Threat Analysis Group reported the vulnerability, but not much detail has been shared about it for now.

You can wait for the automatic update, but manual updates are advised

The update (104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows) will “roll out over the next days/weeks,” according to Google. Still, users can upgrade Chrome manually and are advised to do so immediately.

The update also includes ten other security patches. According to Dark Reading, this is Chrome’s seventh zero-day vulnerability exposed in 2022. In 2022 alone, the browser has also recorded and patched five zero-day vulnerabilities.

Chrome has had a busy year fixing zero-day vulnerabilities

The latest Chrome update fixes the sixth zero-day vulnerability in Google Chrome this year that threat actors are actively exploiting.

The past four were as follows:

  • CVE-2022-2294 – July 4
  • CVE-2022-1096 – March 25
  • CVE-2022-0609 – February 14 (North Korean hackers exploited this particular vulnerability in their phishing campaigns)

To upgrade your browser right now, go to the settings menu, pick “About Chrome,” and let the browser’s built-in update check look for available updates. Restart the browser once the download has completed to install the security update.