Google Chrome update squashes bug used to attack users
Latest Chrome patch addresses almost a dozen security flaws
Google has patched a high-severity vulnerability for the desktop version of its Chrome browser.
The flaw, tracked as CVE-2022-2856, is being actively exploited in the wild, the company says, which is why it’s paramount that users patch their endpoints immediately.
As is common, Google doesn’t want to say much about the flaw, until the majority of Chrome instances have been patched. What it did say, though, is that this is an improper input validation bug, further described as “insufficient validation of untrusted input in Intents.”
Patching up holes
The fix came as part of a larger update, covering a total of 11 vulnerabilities. Besides CVE-2022-2856, Google fixed these flaws, as well:
As per a report on The Register, Google paid out at least $29,000 to bounty hunters who found and disclosed these vulnerabilities. The highest payout, of $7,000, went to researchers who found CVE-2022-2854 and CVE-2022-2855. Last year, the company paid out almost $9 million for numerous bug disclosures.
As the world’s number one browser, Chrome is also the biggest target, with countless threat actors racing to find new zero-day vulnerabilities. Less than two months ago, Google fixed one such vulnerability in the Windows version that was allegedly being exploited in the wild.
The high-severity bug, tracked as CVE-2022-2294, is a heap-based buffer overflow weakness.
Via: The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.