Google Patches Fifth Actively Exploited Zero-Day Flaw in Chrome This Year

Get ready to patch. Google has uncovered hackers exploiting a previously unknown Chrome browser flaw.

The company mentioned the “zero-day exploit” in the latest patches for Chrome, which were released on Tuesday. Google detected the high-severity flaw with the help of its own security researchers. 

The flaw has been given the designation CVE-2022-2856, but the company is remaining mum on details. For now, Google has only described the exploit as involving “insufficient validation of untrusted input in Intents.”

These intents can allow a web page to access and run a third-party app over the browser session. Hence, there’s a good chance hackers are using the zero-day exploit to serve up malicious apps through a web page or phishing email.

CVE-2022-2856 marks the fifth time this year Google has patched an actively exploited flaw in the Chrome browser. Last month, Google patched a fourth flaw that security researchers at Avast believe is connected to an Israeli spyware company called Candiru and its attempts to spy on journalists. 

Back in March, Google acknowledged it’s also seen an uptick in actively exploited zero-day flaws across the industry, particularly with the Chrome browser.

[Figure: In-the-wild ‘zero day’ browser bugs that Google has detected for each year. (Credit: Google)]

The company says one reason is that the security industry and Google have become better at uncovering zero-day attacks targeting users. At the same time, elite hackers are probably prioritizing finding ways to exploit Chrome, given the browser’s popularity.

Another factor is that “browsers increasingly mirror the complexity of operating systems—providing access to your peripherals, filesystem, 3D rendering, GPUs—and more complexity means more bugs,” Google says.

The patch for CVE-2022-2856 should begin rolling out to the Chrome browser for Windows, macOS, and Linux devices in the coming days and weeks via Chrome version 104.0.5112.101/102. You can check which version of Chrome you’re running by going to the About Google Chrome function. The same function will also automatically begin downloading the latest Chrome version once it becomes available. 
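For anyone checking more than one machine, the version comparison can be scripted. The following is an added example, not code from Google or from this article: it flags hosts whose reported Chrome build is below the fixed release named above. The hostnames and the "host,version" inventory format are constructed, and treating 104.0.5112.101 as the minimum patched build on every platform is an assumption, since the article gives 101/102 without a per-platform split.

```python
import re

# Fixed build named in the article. Using the lower of 101/102 as the floor
# for all platforms is an assumption of this example.
PATCHED = (104, 0, 5112, 101)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull the version out of text such as 'Google Chrome 104.0.5112.79'.
    Returns a tuple of ints, or None if no four-part version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(text):
    """Compare numerically, part by part. Comparing the raw strings would
    rank '104.0.5112.79' above '104.0.5112.101' and hide an unpatched host."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no usable version reported: follow up by hand
    return "patched" if version >= PATCHED else "needs_update"


def audit(inventory_lines):
    """Map each host in 'hostname,reported version' lines to a status."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, reported = line.partition(",")
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hostnames are made up for this example).
SAMPLE = [
    "# host,version",
    "ws-01,Google Chrome 104.0.5112.79",
    "ws-02,Google Chrome 104.0.5112.102",
    "ws-03,Google Chrome 103.0.5060.134",
    "ws-04,not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```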
