A chrome-coloured day - Update Chrome now to patch actively exploited zero-day

Summary

Google released an update to the Chrome browser's Stable channel on Wednesday that includes a fix for an exploit. According to Google's advisory, CVE-2022-2856 is a fix for "insufficient validation of untrusted input in Intents." Intents are typically used to pass data from one application to another, such as the share button in Chrome's address bar. As the Dark Reading blog points out, input validation is a common flaw in code.

 

Quotes

Quote

The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that's all the information we have for now. Details of the exploit are currently tucked behind a wall in the Chromium bugs group and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, those details may be revealed.

Google says the update—104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows—will "roll out over the coming days/weeks," but you can (and should) manually update Chrome now (check the "About" section of your settings).

 

My thoughts

So, this is probably bad, seeing as the majority of the world uses Chrome and this one out of vulnerabilities in this year? Seems like a big yikes to me. It appears Google is keeping details of the exploit under wraps for the time being so, idk, update it to the latest version.

Also, something I'm curious about, does this also affect Chromium-based browsers? I'd assume so, but if anyone can confirm please do tell.

Sources

ArsTechnica

Google

DarkReading

If you think I'm wrong, correct me. If I've offended you in some way tell me what it is and how I can correct it. I want to learn, and along the way one can make mistakes; Being wrong helps you learn what's right.
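For anyone checking more than one machine against the fixed builds quoted in the post above, here is an added example (not part of the original thread or of Google's advisory). It assumes a collected inventory of tab-separated `hostname` and version-output records in the form Chrome prints, such as `Google Chrome 104.0.5112.101`; the host names and sample records are constructed.

```python
import re

# Fixed builds quoted in the post: 104.0.5112.101 (Mac, Linux) and
# 104.0.5112.102/101 (Windows), so .101 is the floor on every platform.
PATCHED = (104, 0, 5112, 101)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Compare as integer tuples. A plain string comparison would rank
    # "104.0.5112.79" above "104.0.5112.101" and miss an unpatched host.
    return "patched" if v >= PATCHED else "vulnerable"


def audit(inventory_lines):
    """Group hostnames by patch status from 'host<TAB>version output' records."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, raw = line.partition("\t")
        report[classify(raw)].append(host.strip())
    return report


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    "ws-01\tGoogle Chrome 104.0.5112.101",
    "ws-02\tGoogle Chrome 104.0.5112.79",
    "ws-03\tGoogle Chrome 104.0.5112.102",
    "ws-04\tGoogle Chrome 103.0.5060.134",
    "ws-05\tcommand not found",
    "ws-06\tGoogle Chrome 105.0.5195.52",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` need a manual look, since a missing or unparsable version is not evidence of a patched browser.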


25 minutes ago, Lightwreather JfromN said:

Also, something I'm curious about, does this also affect Chromium-based browsers? I'd assume so, but if anyone can confirm please do tell.

On their release page they link the Chromium Security page so I am certain this also affects Chromium browsers. Not great..

https://sites.google.com/a/chromium.org/dev/Home/chromium-security

Edited by RockSolid1106

"Coding skill isn’t about knowing how to make things; It’s about being able to find the right Stack Overflow code to copy paste."

bruh switch to dark mode its at the bottom of this page

VPN Server Guide


32 minutes ago, Lightwreather JfromN said:

one out of vulnerabilities in this year?

More like one out of 500. Browsers are wildly complex now, with unimaginable numbers of attack surfaces. For every vulnerability we see get exploited at least a hundred more are quietly fixed. It's just the nature of the beast when browsers are the primary target for anyone looking to distribute malware. In this respect, everyone in the browser game is just as bad as Chrome.

 

That said, Firefox 4 lyfe.

¯\_(ツ)_/¯

 

 

Desktop:

Intel Core i7-11700K | Noctua NH-D15S chromax.black | ASUS ROG Strix Z590-E Gaming WiFi  | 32 GB G.SKILL TridentZ 3200 MHz | ASUS TUF Gaming RTX 3080 | 1TB Samsung 980 Pro M.2 PCIe 4.0 SSD | 2TB WD Blue M.2 SATA SSD | Seasonic Focus GX-850 Fractal Design Meshify C Windows 10 Pro

 

Laptop:

HP Omen 15 | AMD Ryzen 7 5800H | 16 GB 3200 MHz | Nvidia RTX 3060 | 1 TB WD Black PCIe 3.0 SSD | 512 GB Micron PCIe 3.0 SSD | Windows 11

