Google Chrome: an update to fix a zero-day flaw

Google offers a new Chrome update which is quite important since it corrects 12 security vulnerabilities, including one of the zero-day type. Hackers have already exploited the flaw in question. For information, this is the fifth zero-day flaw for Chrome in 2022. The previous one dates back to last month.

The zero-day flaw in Chrome has the identifier CVE-2022-2856. “Insufficient validation of untrusted inputs in Intents”, only indicates Google. Intents are used by Chrome to process user input. If the browser does not correctly validate these entries, an attacker is able to specially craft an entry (for example, a message in the comments section of a website) that is not expected by the application. Upon arrival, this may result in impaired control flow, arbitrary control of a resource, or execution of arbitrary code.

Google does not yet give all the details. The group will wait for the update to be installed by as many people as possible to say more. The goal is not to reveal everything right away, otherwise hackers could attack people who have not updated the browser.

Chrome 104.0.5112.102/101 on Windows fixes the critical flaw. On Mac and Linux, this is version 104.0.5112.101. You can update now from browser settings or by manually downloading the version from google.com/chrome.

Leave a Comment