New Google Chrome zero-day vulnerability being exploited in the wild
A zero-day security vulnerability in Google’s Chrome browser is being actively exploited in the wild.
The internet giant released 11 security patches for Chrome this week. The update is now gradually rolling out to Windows, Mac, and Linux users with automatic updates enabled; however, anyone can also update manually now.
The zero-day (CVE-2022-2856) is rated as high severity and involves “insufficient validation of untrusted input in Intents,” according to Google’s advisory.
The problem, identified as CVE-2022-2856, has been described as an instance of inadequate intent validation for untrusted input. The flaw was reported on July 19, 2022, by security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group.
How is the vulnerability spreading?
The affected Intents component is used by Chrome to process user input. If the browser does not properly validate this input, an attacker could craft input that the application does not expect, for example by posting it to the comments section of a website.
“This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution,” according to MITRE.
As is customary, the tech giant is holding back further details about the flaw until the bulk of users have been informed. “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” it acknowledged in a terse statement.
The most recent patch also fixes 10 more security weaknesses, most of which are use-after-free bugs in components such as FedCM, SwiftShader, ANGLE, and Blink. A heap buffer overflow issue in Downloads has also been patched.
Since the beginning of the year, this is the fifth actively exploited zero-day vulnerability Google has fixed in Chrome.
The previous four were:
- CVE-2022-0609 – Use-after-free in Animation
- CVE-2022-1096 – Type confusion in V8
- CVE-2022-1364 – Type confusion in V8
- CVE-2022-2294 – Heap buffer overflow in WebRTC
Remediation:
To minimize potential dangers, users are advised to update to versions 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows. Additionally, it is encouraged for users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi to apply the patches as soon as they become available.
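For fleet administrators, the remediation above boils down to checking each installed Chrome build against the fixed versions named in the advisory. The following is an added example, not code from the article or from Google: it compares dotted Chrome version strings against the per-platform floor (104.0.5112.101, since Windows shipped as 104.0.5112.102/101) and flags hosts that still need the update. The inventory rows and hostnames are constructed sample data, and the check applies only to Chrome's own version numbering, not to Edge, Brave, Opera or Vivaldi builds.

```python
from typing import Dict, List, Tuple

# Lowest Chrome build carrying the CVE-2022-2856 fix, per platform, as given
# in Google's advisory (Windows shipped as 104.0.5112.102/101, so .101 is the floor).
FIXED_VERSIONS: Dict[str, str] = {
    "windows": "104.0.5112.101",
    "macos": "104.0.5112.101",
    "linux": "104.0.5112.101",
}

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome version string into a tuple of ints for comparison."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform: str, version: str) -> bool:
    """True if this Chrome build already contains the CVE-2022-2856 fix."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(version) >= parse_version(FIXED_VERSIONS[key])

def find_unpatched(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames from (host, platform, version) rows still needing the update.
    Rows with an unparsable version or platform are flagged too: an unknown build
    cannot be assumed safe."""
    needs_update = []
    for host, platform, version in inventory:
        try:
            patched = is_patched(platform, version)
        except ValueError:
            patched = False
        if not patched:
            needs_update.append(host)
    return needs_update

# Constructed sample inventory with hypothetical hostnames, not real hosts.
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "104.0.5112.102"),  # patched
    ("ws-02", "windows", "104.0.5112.81"),   # pre-fix build, vulnerable
    ("mac-01", "macos", "104.0.5112.101"),   # exactly the fixed build
    ("lx-01", "linux", "103.0.5060.134"),    # older major version
    ("lx-02", "linux", "unknown"),           # unparsable, flag it
]

if __name__ == "__main__":
    print("Hosts needing the Chrome update:", find_unpatched(SAMPLE_INVENTORY))
```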