• Zero-Day hole exploited in the wild – Google Chrome

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Zero-Day hole exploited in the wild – Google Chrome



    1) Google fixes fifth Chrome zero-day bug exploited this year

    “Google has released a security update for the Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited in the wild.”

    “The most recent one is tracked as CVE-2022-2856 and it is described as a high-severity security issue due to “insufficient validation of untrusted input in Intents,” a feature that enables launching applications and web services directly from a web page.

    Bad input validation in software can serve as a pathway to overriding protections or exceeding the scope of the intended functionality, potentially leading to buffer overflow, directory traversal, SQL injection, cross-site scripting, null byte injection, and more.

    The vulnerability was discovered and reported by Ashley Shen and Christian Resell, both members of the Google Threat Analysis Group (TAG).

    “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” explains the internet giant in the security advisory published yesterday.”

    2) Chrome browser gets 11 security fixes with 1 zero-day – update now!

    “The latest update to Google’s Chrome browser is out, bumping the four-part version number to 104.0.5112.101 (Mac and Linux), or to 104.0.5112.102 (Windows).

    According to Google, the new version includes 11 security fixes, one of which is annotated with the remark that “an exploit [for this vulnerability] exists in the wild”, making it a zero-day hole.

    The name zero-day is a reminder that there were zero days on which even the most well-informed and proactive user or sysadmin could have been patched ahead of the Bad Guys.”

    Folks should also watch out for follow-up updates/fixes on other Chromium-based browsers including Microsoft Edge:


    1 user thanked author for this post.
    Viewing 2 reply threads
    • #2471394

      Release notes for Microsoft Edge Stable Channel

      “Version 104.0.1293.63 : August 19


      This update contains a fix for CVE-2022-2856, which has been reported by the Chromium team as having an exploit in the wild.”


      1 user thanked author for this post.
    • #2471454

      Brave already up-to-date

    • #2482244

      The CVE-2022-0609 zero-day issue that was resolved today is defined as a “Use after free in Animation” and was assigned a High severity level. Clément from Google’s Threat Analysis Group uncovered this vulnerability. Data Controlling Language (DCL) is one of these languages, and it is used to edit and retrieve data by creating specialized SQL queries using the grant command. It includes two commands: grant and revokes, which are used to grant and revoke particular rights (as specified by query) to users in a multi-user database.
      Attackers frequently leverage free flaws to execute arbitrary code on machines running unpatched Chrome versions or to circumvent the browser’s security sandbox.

      While Google stated that it has identified attacks leveraging this zero-day vulnerability, it did not provide any more information about these occurrences or technical specifics about the issue. Access to problem details and links may be restricted until the majority of users have received a remedy. In addition to the zero-day vulnerability, this Google Chrome version patched seven additional security flaws, with all but one classed as ‘High’ severity.

      1 user thanked author for this post.
    Viewing 2 reply threads
    Reply To: Zero-Day hole exploited in the wild – Google Chrome

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: