Google on Tuesday rolled out patches for the Chrome browser for desktops to address a high-severity zero-day flaw that is being actively exploited in the wild.
Tracked as CVE-2022-2856, the problem was described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group were credited with reporting the flaw on July 19, 2022.
As is usually the case, the tech giant has refrained from sharing additional details about the flaw until the majority of users have updated. “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” it acknowledged in a terse statement.
The latest update also fixed 10 other security flaws, most of which are use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. A heap buffer overflow vulnerability in Downloads has also been fixed.
The development marks the fifth zero-day vulnerability in Chrome that Google has fixed since the start of the year –
Users are advised to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply patches as they become available.