Security News > 2022 > August > New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.
Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.
"Google is aware that an exploit for CVE-2022-2856 exists in the wild," it acknowledged in a terse statement.
Also fixed is a heap buffer overflow vulnerability in Downloads.
The development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year -.
Users are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats.
News URL
https://thehackernews.com/2022/08/new-google-chrome-zero-day.html
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-26 | CVE-2022-2856 | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | 6.5 |