Google announced an update connected Wednesday to the Stable transmission of its Chrome browser that includes a hole for an exploit that exists successful the wild.
CVE-2022-2856 is simply a hole for "insufficient validation of untrusted input successful Intents," according to Google's advisory. Intents are typically a mode to walk information from wrong Chrome to different application, specified arsenic the stock fastener connected Chrome's code bar. As noted by the Dark Reading blog, input validation is simply a common weakness successful code.
The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that's each the accusation we person for now. Details of the exploit are presently tucked down a partition successful the Chromium bugs group and are restricted to those actively moving connected related components and registered with Chromium. After a definite percent of users person applied the applicable updates, those details whitethorn beryllium revealed.
Google says the update—104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows—will "roll retired implicit the coming days/weeks," but you tin (and should) manually update Chrome present (check the "About" conception of your settings).
There are 10 different information fixes included successful the update. Dark Reading notes that this is Chrome's 5th zero-day vulnerability disclosed successful 2022.
Listing representation by Getty Images