Heads up, Chrome users! Google has rolled out another major Chrome browser update fixing a critical zero-day vulnerability. Given its active exploitation, users should update their devices at the earliest to stay protected.
Google Chrome Zero-Day Vulnerability
According to a recent advisory, Google has patched another severe zero-day vulnerability in the Chrome browser.
This time, the vulnerability caught the attention of Google Threat Analysis Group researchers Ashley Shen and Christian Resell, who then reported the flaw.
The brief description of this bug indicates that the flaw existed due to improper input validation in Intents. The vulnerability has received a high-severity rating with the ID number CVE-2022-2856.
As always, Google hasn't disclosed any details about the vulnerability exploit. However, it still managed to attract the attention of cybercriminals, who then started exploiting it in the wild. Google also confirmed the same by stating,
Google is aware that an exploit for CVE-2022-2856 exists in the wild.
Alongside this vulnerability, Google has also addressed 10 other security issues in the Chrome browser, releasing a total of 11 security fixes with the latest update.
The most important of these flaws is a critical use after free in FedCM (CVE-2022-2852) that caught the attention of Project Zero's Sergei Glazunov.
In addition, Cassidy Kim of Amber Security Lab, OPPO Mobile Telecom, reported two high-severity vulnerabilities in the browser. These include a use after free vulnerability in SwiftShader (CVE-2022-2854) and a use after free flaw in ANGLE. Both bug reports won the researcher a $7000 bounty each.
Besides, Google patched three other high-severity vulnerabilities and three medium-severity flaws with the browser update.
Google has confirmed rolling out the latest Chrome stable version 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows in the coming days. Hence, users must remain vigilant about updating their devices promptly to avoid any exploits.
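For administrators tracking the rollout, here is an added example (not from Google or the original article) that triages an inventory of reported Chrome versions against the fixed builds named above. The hostnames, the inventory format and the function names are assumptions made for illustration.

```python
import re

# Fixed stable builds named in the article. Windows shipped as
# 104.0.5112.102/101, so .101 is the minimum fixed build on every platform.
FIXED = {
    "windows": (104, 0, 5112, 101),
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part Chrome version out of free text, or return None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    fixed = FIXED.get((platform or "").strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never assume an unparsed host is safe
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "104.0.5112.99" above "104.0.5112.101".
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory):
    """Map each status to the sorted list of hosts in that state."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = [
    ("wks-01", "Windows", "Google Chrome 104.0.5112.102"),
    ("wks-02", "Windows", "104.0.5112.81"),
    ("mac-07", "mac", "Google Chrome 104.0.5112.99"),
    ("lnx-03", "Linux", "Google Chrome 105.0.5195.52"),
    ("lnx-04", "linux", "chrome: not installed"),
    ("cros-1", "chromeos", "104.0.5112.105"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts on a platform the article does not list, or with an unreadable version string, are reported as unknown so they get a manual check instead of being counted as safe.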
The recent zero-day fix arrived just a month after Google patched a heap-buffer overflow in WebRTC, showing how attackers are actively hunting for Chrome bugs to target users.
Let us know your thoughts in the comments.