August 17, 2022

Google Patches 11 Chrome Vulnerabilities and 1 Actively Exploited Zero-Day

Google has released an emergency update for Chrome, addressing RCE vulnerabilities including an actively exploited Zero-Day.

The newly released Chrome version 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, addresses 11 vulnerabilities overall.

The Zero-Day Vulnerability

• CVE-2022-2856, High-severity – The vulnerability caused by “insufficient validation of untrusted input in Intents,” a feature that allows users to launch programs and web services straight from a web page.

Successful exploitation of this vulnerability may lead to Remote Code Execution, and potentially – full system compromise.

Affected Products

• Chrome for Desktop prior to version  104.0.5112.101.
• Since the vulnerability affects all unpatched Chromium based browsers, new updates should be monitored in browsers such as Opera, Firefox, and Edge.

Mitigation

CYREBRO recommends to updating browsers to the latest Chrome version, 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows.

References: Google Chrome Advisory