Google Chrome offers an update including eleven security patches. The browser thus protects itself from a critical vulnerability as well as from a zero-day flaw that has potentially been actively exploited.
Google has announced the deployment of a new update for Chrome. This applies 11 security patches to the browser, including one correcting a security flaw considered critical and another attacking a zero-day vulnerability.
The most severe flaw is CVE-2022-2852, which has a risk level of 8.8. Google Chrome may allow a remote attacker execute arbitrary code system-wide or cause a crash due to a use-after-free (UAF), an issue involving incorrect DRAM operation, in the FedCM API. The vulnerability was discovered by Sergei Glazunov of Google Project Zero.
Critical Security Flaw and Zero-Day Vulnerability Fixed by Latest Chrome Update
The zero-day security breach CVE-2022-2856 is considered less dangerous, but has already been actively exploited by hackers. It concerns insufficient validation of inputs that have not been validated as trusted in the Intents API, which is used to transfer data from Chrome to an application. The share button in the address bar, for example, uses this API. Ashley Shen and Christian Resell of the Google Threat Analysis Group were behind the discovery of this vulnerability.
The new version of Chrome taking these fixes into account is 104.0.5112.101 on Linux and Mac, and 104.0.5112.102/101 on Windows. It will be automatically installed on your computer in the days or weeks to come. To get it right now, all you have to do is open the Chrome menu, go to the section Assistance and choose About Google Chrome. The update will then be directly downloaded and installed after restarting the browser.
Source : Google
