Chrome 0-Day Vulnerability

Google recently released a Chrome update that addresses nearly a dozen vulnerabilities, including a zero-day vulnerability that is being exploited in the wild.

The security update is currently being rolled out for the following platforms:

  • Windows (104.0.5112.102/101)
  • Mac (104.0.5112.101)
  • Linux (104.0.5112.101)

Users who have automatic updates enabled should receive the update automatically in the coming days or weeks.

0-Day Vulnerability

Google provides the key technical details of the zero-day vulnerabilities it has fixed only once a large number of Chrome users have installed the security update.

CVE-2022-2856 is the latest 0-day vulnerability found, and it is reported as a high-severity security risk.

  • CVE-2022-2856: Insufficient validation of untrusted input in Intents.

Ashley Shen and Christian Resell, two TAG members, discovered and reported this 0-day vulnerability as soon as they became aware of it.

The latest Chrome update fixes this year’s fifth zero-day vulnerability. The 0-day vulnerabilities found this year are listed below:

  • CVE-2022-2294: July 4
  • CVE-2022-1364: April 14
  • CVE-2022-1096: March 25
  • CVE-2022-0609: February 14

Intents is a browser feature that allows a web service or application to be launched directly from a web page. In software, a lack of input validation can lead to the following outcomes:

  • Overriding protections
  • Exceeding the scope of the intended functionality
  • Buffer overflow
  • Directory traversal
  • SQL injection
  • Cross-site scripting
  • Null byte injection

Other Flaws

The other flaws detected and fixed are listed below:

  • CVE-2022-2852 (Critical)
  • CVE-2022-2854 (High)
  • CVE-2022-2855 (High)
  • CVE-2022-2857 (High)
  • CVE-2022-2858 (High)
  • CVE-2022-2853 (High)
  • CVE-2022-2859 (Medium)
  • CVE-2022-2860 (Medium)
  • CVE-2022-2861 (Medium)

Update

Follow these steps to perform the update right now:

  • Find the settings for your browser by heading to the browser’s menu.
  • Select “About Chrome.” 
  • Now, wait, as the browser will scan for available updates. 

To apply the security update, restart the browser once the download is complete.
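To confirm which machines are already on a fixed build, the check below compares reported Chrome versions against the builds listed in this article. It is an added example, not code from Google or the original article; the inventory format, hostnames and function names are assumptions, and any build at or above the lower of the two Windows builds listed is treated as patched.

```python
import re

# Fixed builds as listed in the article; lower Windows build used (assumption).
FIXED = {
    "windows": (104, 0, 5112, 101),
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
}
VERSION_RE = re.compile(r"\d+(\.\d+){3}")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    minimum = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"
    # Tuples compare numerically field by field, so build 99 sorts below
    # build 101; comparing the raw strings would rank "99" above "101".
    return "patched" if version >= minimum else "vulnerable"

def audit(inventory):
    """Map hostname -> status for 'host,platform,version' lines."""
    results = {}
    for line in inventory.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3:
            results[fields[0]] = classify(fields[1], fields[2])
    return results

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = """
ws-01,Windows,104.0.5112.102
ws-02,Windows,104.0.5112.81
mac-01,Mac,104.0.5112.101
lin-01,Linux,104.0.5112.99
lin-02,Linux,105.0.5195.52
lin-03,Linux,not-installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" (unlisted platform or unparseable version) need a manual check rather than being counted as patched.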

This latest update to Google Chrome fixes a security flaw that has already been exploited by attackers. Consequently, it is recommended that you update your browser to the most recent version as soon as possible.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.