New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for
desktops to contain an actively exploited high-severity zero-day
flaw in the wild.

Tracked as CVE-2022-2856, the issue has been
described as a case of insufficient validation of untrusted input
in Intents^[1]. Security researchers
Ashley Shen and Christian Resell of Google Threat Analysis Group
have been credited with reporting the flaw on July 19, 2022.

As is typically the case, the tech giant has refrained from
sharing additional specifics about the shortcoming until a majority
of the users are updated. “Google is aware that an exploit for
CVE-2022-2856 exists in the wild,” it acknowledged^[2]
in a terse statement.

The latest update also addressed 10 other security flaws, most
of which relate to use-after-free bugs in various components such
as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed
is a heap buffer overflow vulnerability in Downloads.

The development marks the fifth zero-day vulnerability in Chrome
that Google has resolved since the start of the year –

Users are recommended to update to version 104.0.5112.101 for
macOS and Linux and 104.0.5112.102/101 for Windows to mitigate
potential threats. Users of Chromium-based browsers such as
Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply
the fixes as and when they become available.