An actively exploited, highly severe zero-day vulnerability has been fixed in Google Chrome desktop. The vulnerability has been assigned the CVE-2022-2856 identifier.
Details about CVE-2022-2856
According to the official description, CVE-2022-2856 relates to an insufficient validation of untrusted input in Intents. The bug was reported by Ashley Shen and Christian Resell of Google Threat Analysis Group in July.
No further technical details describing the exploit were released. Google usually refrains from sharing vulnerability specifics until users apply the patch. The company is aware that exploits for the vulnerability exist in the wild.
This is not the only security issue fixed in the latest update of Google Chrome. Ten more flaws were fixed in various components of the browser.
“The Stable channel has been updated to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows which will roll out over the coming days/weeks. Extended stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows, which will roll out over the coming days/weeks,” the advisory said.