Google Patches Chrome's Fifth Zero-Day of the Year
Briefly

Google Patches Chrome's Fifth Zero-Day of the Year
"Google has patched a fifth zero-day vulnerability in Chrome for 2022. Tracked as CVE-2022-2856, it involves insufficient validation of untrusted input in Intents, allowing for arbitrary code execution."
"The bug, reported by Ashley Shen and Christian Resell, received high severity ratings on the CVSS. Google addressed this vulnerability through a stable channel update."
"Intents, a feature in Chrome for deep linking on Android, replaced URI schemes but introduced complexity. They manage the scenario where a mobile app isn't installed for the link."
"Insufficient validation may lead to unexpected input handling, resulting in arbitrary code execution and control over system resources, which can pose serious security risks."
Google has released a stable channel update addressing a serious zero-day vulnerability in Chrome, tracked as CVE-2022-2856. This vulnerability is associated with insufficient validation of untrusted input in Intents, a feature facilitating deep linking on Chrome for Android devices. The bug was reported on July 19 by researchers from Google's Threat Analysis Group and is rated high on the Common Vulnerability Scoring System. In addition to this critical fix, the update includes patches for ten other Chrome issues related to security and functionality, enhancing overall browser safety.
Read at kasperskycontenthub.com
Unable to calculate read time
[
|
]