Google has released patches for Chrome that fix more than a dozen vulnerabilities in the browser. Among them is a serious zero-day vulnerability that is already being exploited in real attacks.
As is traditional, the developers have revealed almost no technical details about this 0-day bug: they do not want to tip off hackers, and they want to give users as much time as possible to install updates.
The vulnerability is tracked as CVE-2022-2856 and was discovered by the company’s own experts at the Google Threat Analysis Group (TAG). According to the description, the problem is insufficient validation of untrusted input in Intents (a feature that allows you to launch applications and web services directly from the page).
This vulnerability is the fifth 0-day patched in Chrome this year. Let me remind you that earlier in 2022, Google engineers fixed CVE-2022-1096, CVE-2022-0609, CVE-2022-1364 and CVE-2022-2294 in the browser.
The other vulnerabilities closed this week are mostly use-after-free bugs in various components, including FedCM, SwiftShader, ANGLE, and Blink. A heap buffer overflow in Downloads has also been fixed.