Google announced on Wednesday an update to its Chrome browser’s stable channel that includes a fix for a vulnerability for which an exploit exists in the wild.
CVE-2022-2856 is described in Google’s advisory as “insufficient validation of untrusted inputs in Intents”. Intents are usually a way of passing data from Chrome to another application, such as the share button in Chrome’s address bar. As noted by the Dark Reading blog, input validation is a common weakness in code.
The vulnerability was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that’s all we have so far. Details of the exploit are currently behind a wall in the Chromium bugs group and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, those details can be revealed.
Google says the update (104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows) “will roll out in the coming days/weeks”, but you can (and should) update Chrome manually now (check the “About Chrome” section of your settings).
The update includes 10 more security fixes. Dark Reading notes that this is Chrome’s fifth zero-day vulnerability revealed in 2022.