So, here’s a quick guide on getting your Google Chrome browser up to date, assuming that your desktop browser hasn’t updated automatically and you need to get it done ASAP. As far as we know, it was spotted by the Google Threat Analysis Group in mid-July 2022. Typically, the exact details of a vulnerability won’t be revealed until a sufficient number of users have patched it, to prevent further exploitation. One such example was Operation Dream Job and Operation AppleJeus, where North Korean hackers exploited a (now defunct) Chrome vulnerability to target fintech, crypto, news media, and IT companies. It’s a big deal because Google stated that the exploit for such a vulnerability “exists in the wild”, which is developer-speak for “naughty people are exploiting it already”. That’s also not helped by bad input validation, so a skilled bad actor can exploit these gaps to do bad things (for example, SQL injection without your knowledge) via an outdated Google Chrome browser. For those not in the know, Intents refer to a developer concept and procedure, where an Intent requests action (like starting an activity or services) from an app component.Īccording to BleepingComputer, one such use of Intents is to launch applications or web services directly from a web page. Patch the gap: How to update your Google Chrome browserīy now, you should have seen or heard of CVE-2022-2856, an ambiguous, zero-day vulnerability in Google Chrome that was only properly addressed just days ago.Īccording to the Chrome team’s blog, CVE-2022-2856 was described as a high-severity issue because of “Insufficient validation of untrusted input in Intents”.
0 kommentar(er)
