New Google chrome zero-day vulnerability being exploited in the wild

September 1, 2022

A zero-day security vulnerability in Google’s Chrome browser is being actively exploited in the wild.

The internet giant released 11 security patches for Chrome this week. It is now gradually rolling out to Windows, Mac, and Linux with automatic updates enabled. However, anyone can now manually update

The zero-day (CVE-2022-2856) is rated as high severity and involves “insufficient validation of untrusted input in Intents,” according to Google’s advisory.

The problem, identified as CVE-2022-2856, has been described as an instance of inadequate intent validation for untrusted input. The flaw was reported on July 19, 2022, by security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group.

How is the vulnerability spreading?

The bugged intent is used by Chrome to process user input. If the browser doesn’t properly validate this input, an attacker could specifically craft input that the application doesn’t expect, such as posting to the comments section of a website.

“This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution,” according to MITRE.

The tech giant has waited to provide more information about the flaw until the bulk of consumers have been informed, as is customary. “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” it acknowledged in a terse statement.

The most recent patch also fixes 10 more security weaknesses, the most of which are use-after-free bugs in various components like FedCM, SwiftShader, ANGLE, and Blink, among others. A heap buffer overflow issue in Downloads has also been patched.

Since the beginning of the year, this is the fifth actively exploited zero-day vulnerability Google has fixed in Chrome.

The previous four were,

CVE-2022-0609 – Use-after-free in Animation
CVE-2022-1096 – Type confusion in V8
CVE-2022-1364 – Type confusion in V8
CVE-2022-2294 – Heap buffer overflow in WebRTC

Remediation:

To minimize potential dangers, users are advised to update to versions 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows. Additionally, it is encouraged for users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi to apply the patches as soon as they become available.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

New Google chrome zero-day vulnerability being exploited in the wild

Security Team

Related Posts

Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

Protect Yourself from Online Scams: A Comprehensive Guide

Newly Discovered Fortigate Exploit

Our Offices

Corporate Office (HO):

UK Office:

Registered Office (Delhi):

Noida Office:

Phone:

Email

Click To Download

Download CyberSRC Services & Portfolio & Datasheets

Download Case Studies

Download Company Brochure