reports that Google has released fixes for an actively exploited zero-day flaw in the Chrome browser and 10 other Chrome vulnerabilities as part of a stable channel update.
The exploited high-severity zero-day, tracked as CVE-2022-2856, stems from inadequate validation of untrusted input in Intents and was reported by Christian Resell and Ashley Shen of Google Threat Analysis Group.
"Instead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document," said Google.
Details about the flaw have only been shared after the release of the patch, an approach that Tenable Senior Staff Engineer Satnam Narang has praised as a wise move.
Google has previously addressed four more actively abused zero-days in Chrome this year, including a heap buffer overflow bug in WebRTC, tracked as CVE-2022-2294; another buffer overflow vulnerability, tracked as CVE-2022-1364; and type confusion flaws, tracked as CVE-2022-1364 and CVE-2022-1364.