The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.
A zero-day security vulnerability in Google's Chrome browser is being actively exploited in the wild.
The Internet behemoth released 11 security patches for Chrome this week, which are now being pushed out in stages to those with automatic updates enabled for Windows, Mac, and Linux; however, everyone can manually update now.
The zero-day (CVE-2022-2856) is rated as high severity and involves “insufficient validation of untrusted input in Intents,” according to Google's advisory.
Intents, where the bug resides, are used by Chrome to process user input; if the browser doesn't validate this input properly, an attacker is able to specially craft an input (say, a post in the comments section of a website) that's not expected by the application.
"This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution," according to MITRE.
Other details of the bug are scant — Google usually restricts details until a quorum of users have applied the updates.
Still, “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” reads the alert, so users should patch now.
This is the fifth actively exploited zero-day vulnerability disclosed in Chrome in 2022. The previous four were: CVE-2022-0609 (February), CVE-2022-1096 (March), CVE-2022-1364 (April), and CVE-2022-2294 (July).
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024