Description
Google has released a security update in the form of patches for the Chrome browser. This security update addresses several vulnerabilities. One such vulnerability is the recently discovered zero-day flaw, CVE-2022-2856, which is being exploited in the wild.
Summary
The update is being introduced for Windows, Mac and Linux operating systems. Of the many vulnerabilities the update was designed to resolve, it seeks to address CVE-2022-2856, which is described as a high-severity security issue that stems from insufficient validation of untrusted input in Intents.
The flaw is said to be the fifth zero-day vulnerability in Chrome that Google has fixed so far in 2022.
How it works
It was reported that poor input validation in software can make it possible to override protections or exceed the scope of the intended functionality. Such activity may lead to:
buffer overflow
directory traversal
SQL injection
cross-site scripting
null byte injection, and more
Remediation
The following are the steps to install the mentioned update:
1. In the browser's settings, select About Chrome. Let the browser's internal checker scan for available updates.
2. Restart the program when the download is completed so that the security updates can be applied.
It should be noted that although the update seeks to rectify the vulnerability that has been exploited by threat actors, users should shift to the latest version of the browser as soon as possible.
The Guyana National CIRT recommends that users and administrators review this alert and make changes where necessary.
References
https://thehackernews.com/2022/08/new-google-chrome-zero-day.html