Update Chrome now to fix actively exploited zero day
Update Chrome now to fix actively exploited zero day
Expand / It's a good time to restart or update Chrome: If your tabs love you, they will come back.
Getty Images
Google on Wednesday announced an update to its Chrome browser's Stable channel that includes a fix for an exploit that exists in the wild.
CVE-2022-2856 is a fix for "insufficient validation of untrusted inputs in intents", according to Google's advisory. Intents are usually a way to pass data from Chrome to another app, like the share button in Chrome's address bar. As noted by the Dark Reading blog, input validation is a common weakness in code.
The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that's all the information we have at this time. Details of the exploit are currently hidden behind a wall in the Chromium bug pool and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, these details may be revealed.
Google says the update (104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows) "will be rolling out over the next few days/weeks", but you can (and should) update Chrome manually now (check the "About" section of your settings).
10 more security fixes are included in the update. Dark Reading notes that this is Chrome's fifth disclosed zero-day vulnerability in 2022.
Expand / It's a good time to restart or update Chrome: If your tabs love you, they will come back.
Getty Images
Google on Wednesday announced an update to its Chrome browser's Stable channel that includes a fix for an exploit that exists in the wild.
CVE-2022-2856 is a fix for "insufficient validation of untrusted inputs in intents", according to Google's advisory. Intents are usually a way to pass data from Chrome to another app, like the share button in Chrome's address bar. As noted by the Dark Reading blog, input validation is a common weakness in code.
The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that's all the information we have at this time. Details of the exploit are currently hidden behind a wall in the Chromium bug pool and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, these details may be revealed.
Google says the update (104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows) "will be rolling out over the next few days/weeks", but you can (and should) update Chrome manually now (check the "About" section of your settings).
10 more security fixes are included in the update. Dark Reading notes that this is Chrome's fifth disclosed zero-day vulnerability in 2022.
Expand / It's a good time to restart or update Chrome: If your tabs love you, they will come back.
Getty Images
