Google introduced an update on Wednesday to the Stable channel of its Chrome browser that features a repair for an exploit that exists within the wild.
CVE-2022-2856 is a repair for “inadequate validation of untrusted enter in Intents,” in response to Google’s advisory. Intents are usually an option to go information from inside Chrome to a different utility, such because the share button on Chrome’s deal with bar. As famous by the Dark Reading blog, enter validation is a common weakness in code.
The exploit was reported by Ashley Shen and Christian Resell of the Google Menace Evaluation Group, and that is all the knowledge we now have for now. Particulars of the exploit are presently tucked behind a wall within the Chromium bugs group and are restricted to these actively engaged on associated parts and registered with Chromium. After a sure proportion of customers have utilized the related updates, these particulars could also be revealed.
Google says the replacement—104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Home windows—will “roll out over the approaching days/weeks,” however you’ll be able to (and will) manually replace Chrome now (verify the “About” part of your settings).
There are 10 different safety fixes included within the replacement. Darkish Studying notes that that is Chrome’s fifth zero-day vulnerability disclosed in 2022.