Google on Tuesday, released a special patch suddenly that addresses the exploit CVE-2022-2856 that specifically attacks the Chrome browser. The CVE above has the highest status, namely High-severity Zero-day Flaw.
CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.
In addition to overcoming these security holes, Google also closed several security holes in the patch that was present yesterday. Among them: relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.
The development marks the fifth zero-day vulnerability in Chrome that Google has been resolved since the start of the year -
- CVE-2022-0609 - Use-after-free in Animation
- CVE-2022-1096 - Type confusion in V8
- CVE-2022-1364 - Type confusion in V8
- CVE-2022-2294 - Heap buffer overflow in WebRTC
Users are expected to update their Google Chrome soon to version 104.0.5112.101 for macOS and Linux, and to version 104.0.5112.102/101 for users on the Windows platform. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.