Threatpost reports that Google has released fixes for an actively exploited zero-day flaw in the Chrome browser and 10 other Chrome vulnerabilities as part of a stable channel update.
The exploited high-severity zero-day, tracked as CVE-2022-2856, stems from inadequate validation of untrusted input in Intents and was reported by Christian Resell and Ashley Shen of Google's Threat Analysis Group.
"Instead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document," said Google.
Details about the flaw were shared only after the release of the patch, which Tenable Senior Staff Engineer Satnam Narang has praised as a wise move.
Google has previously addressed four more actively abused zero-days in Chrome this year, including a heap buffer overflow bug in WebRTC, tracked as CVE-2022-2294; another buffer overflow vulnerability, tracked as CVE-2022-1364; and type confusion flaws, tracked as CVE-2022-1364 and CVE-2022-1364.
Modern integrated graphics processing units, including those manufactured by AMD, Arm, Apple, Intel, Qualcomm, and Nvidia, could be targeted to expose sensitive data through the new GPU.zip side-channel attack, which exploits graphical data compression, The Hacker News reports.
The Department of Homeland Security has noted that U.S. critical infrastructure organizations are at risk of cyberattacks leveraging artificial intelligence, with China and other nation-states exploiting the technology to deploy more advanced malware attacks and influence operations, CyberScoop reports.