Google Chrome Zero-Day Found Exploited in the Wild

  /     /     /  
Publicated : 23/11/2024   Category : security

Google Chrome Zero-Day Found Exploited in the Wild


The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.


A zero-day security vulnerability in Googles Chrome browser is being actively exploited in the wild.
The Internet behemoth released 11 security patches for Chrome this week, which are now being pushed out in stages to those with automatic updates enabled for Windows, Mac, and Linux; however, everyone can manually update now.
The zero-day (CVE-2022-2856) is rated as high severity and involves “insufficient validation of untrusted input in Intents,” according to
Googles advisory
.
Intents, where the bug resides, are used by Chrome to process user input; if the browser doesnt validate this input properly, an attacker is able to specially craft an input (say, a post in the comments section of a website) thats not expected by the application.
This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution,
according to MITRE
.
Other details of the bug are scant — Google usually restricts details until a quorum of users have applied the updates.
Still, “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” reads the alert, so users should patch now.
This is the fifth actively exploited zero-day vulnerability disclosed in
Chrome in 2022
. The previous four were: CVE-2022-0609 (February), CVE-2022-1096 (March),
CVE-2022-1364
(April), and
CVE-2022-2294
(July).

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Google Chrome Zero-Day Found Exploited in the Wild