A Google Chrome update fixes a bug that is being used to attack users. The latest Chrome patch addresses close to a dozen security flaws affecting the platform.
Google Chrome Update Removes Bug That Attacks Users
Google has now patched a high-severity vulnerability in the desktop version of the Chrome browser.
The flaw, tracked as CVE-2022-2856, is being actively exploited in the wild, according to the company, which is why it is important that users patch their endpoints as soon as possible.
As is its common practice, Google is not saying much about the flaw until most Chrome instances have been patched. What the company did say is that it is an improper input validation bug, which it described as “insufficient validation of untrusted input in Intents.”
Other Holes Patched By Google
The fix comes as part of a bigger update covering 11 vulnerabilities in total. Besides CVE-2022-2856, Google also fixed these other flaws:
- CVE-2022-2852 (critical): Use after free in FedCM
- CVE-2022-2854 (high): Use after free in SwiftShader
- CVE-2022-2855 (high): Use after free in ANGLE
- CVE-2022-2857 (high): Use after free in Blink
- CVE-2022-2858 (high): Use after free in Sign-In Flow
- CVE-2022-2853 (high): Heap buffer overflow in Downloads
- CVE-2022-2859 (medium): Use after free in Chrome OS Shell
- CVE-2022-2860 (medium): Insufficient policy enforcement in Cookies
- CVE-2022-2861 (medium): Inappropriate implementation in Extensions API
Google paid out at least $29,000 to the bounty hunters who found and disclosed these vulnerabilities, according to a report in The Register. The highest payout went to the researcher who found CVE-2022-2854 and CVE-2022-2855. Last year the company paid out close to $9 million for the disclosure of various bugs.
Chrome Is a Big Target Because It Is One of the Best Browsers in the World
As one of the biggest browsers in the world, if not the biggest, Chrome is a major target, with many threat actors looking for new zero-day vulnerabilities. Less than two months ago, Google fixed one such vulnerability in the Windows version of Chrome, one that was allegedly being exploited in the wild.
The high-severity bug, tracked as CVE-2022-2294, is a heap-based buffer overflow weakness.