Article 62MBM Update Chrome now to patch actively exploited zero-day

Update Chrome now to patch actively exploited zero-day

by
Kevin Purdy
from Ars Technica - All content on (#62MBM)
GettyImages-486305786-800x533.jpg

Enlarge / It's a good time to restart or update Chrome-if your tabs love you, they'll come back. (credit: Getty Images)

Google announced an update on Wednesday to the Stable channel of its Chrome browser that includes a fix for an exploit that exists in the wild.

CVE-2022-2856 is a fix for "insufficient validation of untrusted input in Intents," according to Google's advisory. Intents are typically a way to pass data from inside Chrome to another application, such as the share button on Chrome's address bar. As noted by the Dark Reading blog, input validation is a common weakness in code.

The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that's all the information we have for now. Details of the exploit are currently tucked behind a wall in the Chromium bugs group and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, those details may be revealed.

Read 2 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments