New Google Chrome 0-Day Vulnerability Exploited in the Wild

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Google recently released an update for the Chrome browser that addresses nearly a dozen vulnerabilities. The update also fixes a zero-day vulnerability that is being abused in the wild by hackers.

The security update is currently being rolled out for the following platforms:

  • Windows (104.0.5112.102/101)
  • Mac (104.0.5112.101)
  • Linux (104.0.5112.101)

Users who have automatic updates enabled should receive the update automatically in the coming days or weeks.

0-Day Vulnerability

Google provides the key technical details about the zero-day vulnerabilities it has fixed once a large number of Chrome users have installed the security update.

CVE-2022-2856 is the latest 0-day vulnerability found, and it reportedly poses a high-severity security risk.

  • CVE-2022-2856: Insufficient validation of untrusted input in Intents.

Ashley Shen and Christian Resell, two TAG members, discovered and reported this 0-day vulnerability as soon as they became aware of it.

The latest Chrome update fixes this year’s fifth zero-day vulnerability. The other 0-day vulnerabilities found this year are listed below:

  • CVE-2022-2294: July 4
  • CVE-2022-1364: April 14
  • CVE-2022-1096: March 25
  • CVE-2022-0609: February 14

Intents is a browser feature that allows a web service or application to be launched directly from a web page. In software, a lack of input validation can lead to the following outcomes:

  • Pathway to overriding protections
  • Exceeding the scope of the intended functionality
  • Potentially leading to buffer overflow
  • Directory traversal
  • SQL injection
  • Cross-site scripting
  • Null byte injection

Other Flaws

The other flaws detected and fixed in this update are listed below:

  • CVE-2022-2852 (Critical)
  • CVE-2022-2854 (High)
  • CVE-2022-2855 (High)
  • CVE-2022-2857 (High)
  • CVE-2022-2858 (High)
  • CVE-2022-2853 (High)
  • CVE-2022-2859 (Medium)
  • CVE-2022-2860 (Medium)
  • CVE-2022-2861 (Medium)

Update

Follow these steps to perform the update right now:

  • Find the settings for your browser by heading to the browser’s menu.
  • Select “About Chrome.”
  • Now, wait, as the browser will scan for available updates.

To apply the security update to your program, restart the program once the download is complete.

This latest update to Google Chrome fixes a security flaw that has already been exploited by attackers. Consequently, it is recommended that you update your browser to the most recent version as soon as possible.
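
An added example, not from the original article: a fleet check that compares reported Chrome versions numerically against the fixed builds listed above, flagging anything older or unreadable. The inventory format, host names and function names are assumptions, and the sample inventory is constructed.

```python
import re

# Fixed builds named in the article; Windows shipped as .102/.101, so .101 is the floor.
PATCHED = {
    "windows": (104, 0, 5112, 101),
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def status(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one install."""
    floor = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # unparseable data is surfaced, never assumed safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "104.0.5112.81" above "104.0.5112.101".
    return "patched" if version >= floor else "outdated"


def audit(inventory):
    """Return (host, status) for every install that is not confirmed patched."""
    results = [(host, status(platform, text)) for host, platform, text in inventory]
    return [(host, state) for host, state in results if state != "patched"]


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "104.0.5112.102"),
    ("ws-002", "Windows", "104.0.5112.81"),
    ("mac-01", "Mac", "Google Chrome 104.0.5112.101 "),
    ("lnx-01", "Linux", "Google Chrome 103.0.5060.134"),
    ("lnx-02", "Linux", "not installed"),
    ("ws-003", "Windows", "105.0.5195.52"),
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY):
        print(f"{host}: {state}")
```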