This year, Google has addressed five zero-day vulnerabilities in Chrome.
On Wednesday, Google announced a Stable channel update for its Chrome browser that fixes a vulnerability now being exploited in the wild.
According to Google’s alert, CVE-2022-2856 is a case of “insufficient validation of untrusted input in Intents.” Intents are often used to transfer data from within Chrome to another application; the share button on Chrome’s address bar is one example. The Dark Reading blog pointed out that insufficient input validation is a frequent coding flaw.
We currently know only that Ashley Shen and Christian Resell of the Google Threat Analysis Group reported the attack. Information on the exploit is currently restricted in the Chromium bugs group and is accessible only to people who are registered with Chromium and working on related components. Those details might be made public once a certain proportion of users have installed the relevant updates.
Google says the update (104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows) will “roll out over the following days/weeks,” but you can (and should) manually update Chrome right away: check the “About” section of your settings.
The update also contains ten other security patches. This is Chrome’s fifth zero-day vulnerability that has been made public in 2022, according to Dark Reading.