You are currently viewing Google patches new Chrome zero-day flaw exploited in Wild

Google patches new Chrome zero-day flaw exploited in Wild

Google has released security fixes for the desktop Chrome app on Windows, Linux, and Mac. This consists of Ten vulnerabilities that include one Zero-day vulnerability with High severity. This is the fifth Zero-day vulnerability fixed by Google this year and is assigned with CVE-2022-2856.

Most of the vulnerabilities in the advisory released on August 16th address a Use after free vulnerability sharing critical and high severity in various components such as  FedCM, SwiftShader, ANGLE, Blink, Chrome OS Shell and Sign-In Flow. Google recommends Chrome browser users patch their applications immediately by installing the latest version.


Zero-Day Bug

CVE-2022-2856: Intent is not validated properly for untrusted input

Google Chrome’s Intents  is the vulnerable component. It is a mechanism for triggering apps directly from a web page, in which data on the web page is fed into an external app launched to process that data. This bug was reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19.

The tech giant has refrained from sharing additional specifics about the exploit until most of the users are updated. “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” it added in the advisory.

Impact:
Successful exploitation of this bug leads to silent feeding of the local app with the sort of risky data that would typically be blocked on security grounds.


Other Vulnerabilities

As listed below, seven of these bugs are Use After Free caused by memory mismanagement, which is a flaw associated with improper use of dynamic memory while a program is running.

If the program fails to remove the pointer assigned to a dynamic memory region after releasing it, an attacker can use this error to compromise the program. This may result in arbitrary code execution, data corruption, or program failures.


Affected Products

Google Chrome version before 104.0.5112.101.


Solution

Google has released Chrome version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to address this issue.


SanerNow detects these vulnerabilities and automatically fixes them through patch management by applying security updates. We strongly recommend applying the security updates as soon as possible, following the instructions published in our support article.

 

4 1 vote
Article Rating
Subscribe
Notify of

0 Comments
Inline Feedbacks
View all comments