Dangerous Bug Found in Google Chrome, Users Urged to Immediately Update

Slimjet bug reports
Post Reply
stevekasian
Posts: 11
Joined: Sun Oct 02, 2016 6:29 pm

Dangerous Bug Found in Google Chrome, Users Urged to Immediately Update

Post by stevekasian »

Dangerous Bug Found in Google Chrome, Users Urged to Immediately Update
By Jack Phillips (Epoch Times) August 25, 2022 Updated: August 26, 2022


A Google Chrome bug [a Zero Day Exploit] was discovered that is actively being exploited by hackers, according to the company in a recent update.

Google released a fix for the bug earlier this week (https://chromereleases.googleblog.com/2 ... op_16.html), updating Chrome to version 104.0.5112.101 on Mac and Linux and version 104.0.5112.102/101 on Windows. If the fix hasn’t been already installed on Chrome—or if you haven’t restarted your computer, the update can be initiated by going to Chrome’s “About” menu.

Few details about the security exploit were released by Google. However, the company said that “Google is aware that an exploit … exists in the wild,” suggesting that malicious actors are using the bug to target non-updated versions of the browser.

The bug fix impacts CVE-2022-2856, or “insufficient validation of untrusted input in Intents,” according to Google.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said.

Security researchers at Sophos wrote that the CVE-2022-2856 bug impacts Chrome Intent, or a “mechanism for triggering apps directly from a web page, in which data on the web page is fed into an external app that’s launched to process that data.”

“The danger seems rather obvious if the known exploit involves silently feeding a local app with the sort of risky data that would normally be blocked on security grounds,” they wrote.

According to the security blog Dark Reading (https://www.darkreading.com/application ... oited-wild), the bug “is the fifth actively exploited zero-day vulnerability disclosed in Chrome in 2022” as the “previous four were: CVE-2022-0609 (February), CVE-2022-1096 (March), CVE-2022-1364 (April), and CVE-2022-2294 (July).”

To update or check on the version of Chrome on Mac and Windows, click “More,” “Help,” “About Google Chrome,” and “Update Google Chrome.”

Microsoft Edge, which uses Chromium, also wrote it “is aware of the recent exploit existing in the wild. We are actively working on releasing a security patch as reported by the Chromium team.”

Last week, fellow Big Tech giant Apple released a bugfix for iOS devices including the iPhone, Macbook, iPad, and other products. After the development, the U.S. Cybersecurity and Infrastructure Agency urged users and administrators to immediately update their software.

“Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari. An attacker could exploit one of these vulnerabilities to take control of an affected device,” said the agency.

Post Reply