Chrome update patches high-severity security flaw exploited in the wild

Google has released an update for its Chrome browser that fixes 11 security vulnerabilities, including a high-severity flaw actively exploited in the wild.
External security researchers reported ten of the bugs.
Google confirmed that one of the security vulnerabilities, tracked as CVE-2022-2856, was a zero-day flaw exploited in the wild.
Google describes the vulnerability as involving “insufficient validation of untrusted input in Intents”.
Chrome uses Intents to process user input. According to the CWE entry on improper input validation, this class of weakness could let attackers crash applications, overload system resources, read confidential data, and remotely execute code.
Ashley Shen and Christian Resell of Google’s Threat Analysis Group reported the exploit.
BleepingComputer reported that this update addresses the fifth zero-day vulnerability exploited in the wild.
As is typical for Google, access to bug details and links is restricted until most Chrome users have installed the security update.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said.
Chrome users should update to version 104.0.5112.10 on Mac and Linux, and version 104.0.5112.102/101 on Windows.
To update, users must navigate to Help/Settings > About Chrome. After the update has been installed, Chrome users will see the option to relaunch the browser.