Google Has Released an Update for the New Chrome Zero-Day Vulnerability

Google has released security updates that fix several vulnerabilities in the Chrome browser, including a zero-day.

The zero-day is known to be actively exploited in the wild. Described as a case of insufficient validation of untrusted input in Intents, the flaw is tracked as CVE-2022-2856 (CVSS: N/A).

The firm has refrained from sharing additional details until users have applied the update.

Regarding the issue, the company said: “Google is aware that an exploit for CVE-2022-2856 exists in the wild.”

The latest update also fixes a stack buffer overflow vulnerability in Downloads and 10 other vulnerabilities related to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink.

The security update is currently available for Windows, Mac and Linux.

The zero-day vulnerabilities in Chrome that Google has resolved since the start of the year:

  • CVE-2022-0609 (CVSS: 8.8) – Use-after-free in Animation
  • CVE-2022-1096 (CVSS: 8.8) – Type confusion in V8
  • CVE-2022-1364 (CVSS: 8.8) – Type confusion in V8
  • CVE-2022-2294 (CVSS: 8.8) – Heap buffer overflow in WebRTC

Users are advised to update to 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to prevent potential threats.

References:

https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html