Threatpost reports that Google has released fixes for an actively exploited zero-day flaw in the Chrome browser and 10 other Chrome vulnerabilities as part of a stable channel update.
The exploited high-severity zero-day, tracked as CVE-2022-2856, stems from inadequate validation of untrusted input in Intents and was reported by Christian Resell and Ashley Shen of Google Threat Analysis Group.
"Instead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document," said Google.
Details about the flaw have only been shared after the release of the patch, which Tenable Senior Staff Engineer Satnam Narang has praised as a wise move.
Google has previously addressed four more actively abused zero-days in Chrome this year, including a heap buffer overflow bug in WebRTC, tracked as CVE-2022-2294; another buffer overflow vulnerability, tracked as CVE-2022-1364; and type confusion flaws, tracked as CVE-2022-1364 and CVE-2022-1364.
TechCrunch reports that major U.S. healthcare revenue and payment cycle management provider Change Healthcare had its systems targeted by a cyberattack on Feb. 20, which resulted in the loss of access across most of the prescription processor's login pages.