Cloud Security, Application security, Endpoint/Device Security

Google fixes Chrome zero-day vulnerability

Threatpost reports that Google has released fixes for an actively exploited zero-day flaw in the Chrome browser and 10 other Chrome vulnerabilities as part of a stable channel update. The exploited high-severity zero-day, tracked as CVE-2022-2856 and reported by Google Threat Analysis Group's Christian Resell and Ashley Shen, stems from inadequate validation of untrusted input in Intents. "Instead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document," said Google. Details about the flaw were shared only after the release of the patch, which Tenable Senior Staff Engineer Satnam Narang praised as a wise move. Google has previously addressed four more actively abused zero-days in Chrome this year, including a heap buffer overflow bug in WebRTC, tracked as CVE-2022-2294; another buffer overflow vulnerability, tracked as CVE-2022-1364; and type confusion flaws, tracked as CVE-2022-1364 and CVE-2022-1364.
