Google has fixed an actively exploited, high-severity zero-day vulnerability in Chrome for desktop. The vulnerability is tracked as CVE-2022-2856.
Details about CVE-2022-2856
According to the official description, CVE-2022-2856 is caused by insufficient validation of untrusted input in Intents. The bug was reported by Ashley Shen and Christian Resell of Google Threat Analysis Group in July.
No further technical details describing the exploit were released. Google usually refrains from sharing vulnerability specifics until users apply the patch. The company is aware that exploits for the vulnerability exist in the wild.
This is not the only security issue fixed in the latest update of Google Chrome. Ten more flaws were fixed in various components of the browser.
“The Stable channel has been updated to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows which will roll out over the coming days/weeks. Extended stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows, which will roll out over the coming days/weeks,” the advisory said.
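To check an endpoint inventory against the fixed builds quoted in the advisory, a numeric version comparison is needed, because a plain string comparison ranks 104.0.5112.81 above 104.0.5112.101. The following is an added example, not code from Google or from this article; the host names and inventory rows are constructed, and treating .101 as the minimum fixed build on Windows (listed as "102/101") is an assumption.

```python
import re

# Fixed builds quoted in the advisory. Windows is listed as "104.0.5112.102/101";
# using .101 as the Windows minimum is an assumption made for this example.
FIXED = {
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
    "windows": (104, 0, 5112, 101),
}

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not MAJOR.MINOR.BUILD.PATCH."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # platform not in the advisory, or unparsable version
    # Tuples of ints compare field by field, so 81 < 101 as intended.
    return "patched" if version >= fixed else "needs_update"


def audit(rows):
    """Map each host to its status; rows are (host, platform, version) tuples."""
    return {host: classify(platform, version) for host, platform, version in rows}


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = [
    ("ws-001", "Windows", "104.0.5112.102"),
    ("ws-002", "windows", "104.0.5112.81"),
    ("mb-003", "mac", "103.0.5060.134"),
    ("lx-004", "linux", "104.0.5112.101"),
    ("lx-005", "linux", "105.0.5195.52"),
    ("kiosk-006", "chromeos", "104.0.5112.83"),
    ("ws-007", "windows", "104.0.5112"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as "unknown" are a platform the advisory does not cover or a version string that did not parse, and need manual review rather than being counted as patched.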
Another recently fixed Chrome zero-day is CVE-2022-1364, a type confusion vulnerability in the V8 JavaScript engine reported by Clément Lecigne of Google’s Threat Analysis Group earlier this year. The flaw was also rated as high in severity, with Google being aware of an exploit existing in the wild.