Heads up, Chrome users! Google has rolled out another major Chrome browser update fixing a serious zero-day vulnerability. Because the flaw is under active exploitation, users must update their devices as soon as possible to remain safe.
Google Chrome Zero-Day Vulnerability
According to a recent advisory, Google has patched another severe zero-day vulnerability in the Chrome browser.
This time, the vulnerability caught the attention of Google Threat Analysis Group researchers Ashley Shen and Christian Resell, who then reported the flaw.
The brief description of this bug indicates that the flaw existed due to improper input validation in Intents. The vulnerability has received a high-severity rating and is tracked as CVE-2022-2856.
As usual, Google hasn't disclosed any details about how the vulnerability is exploited. However, it has already attracted the attention of cybercriminals, who have started exploiting it in the wild. Google confirmed this, stating:
"Google is aware that an exploit for CVE-2022-2856 exists in the wild."
Alongside this vulnerability, Google has also addressed 10 other security issues in the Chrome browser, releasing a total of 11 security fixes with the latest update.
The most important of these flaws is a critical use-after-free in FedCM (CVE-2022-2852), reported by Project Zero's Sergei Glazunov.
In addition, Cassidy Kim of Amber Security Lab, OPPO Mobile Telecom, reported two high-severity vulnerabilities in the browser: a use-after-free vulnerability in SwiftShader (CVE-2022-2854) and a use-after-free flaw in ANGLE. Each of the two bug reports earned the researcher a $7000 bounty.
Besides, Google patched three other high-severity vulnerabilities and three medium-severity flaws with the browser update.
Google has confirmed that the latest Chrome stable version, 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, will roll out over the coming days. Users must therefore stay alert for the update and install it promptly to avoid exploitation.
The recent zero-day fix arrived just a month after Google patched a heap buffer overflow in WebRTC, showing how actively attackers are hunting for Chrome bugs to target users.