Google Confirms Chrome Zero-Day #5 As Attacks Begin, Update Now

By Davey Winder, Senior Contributor. Co-founder, Straight Talking Cyber.

Aug 18, 2022, 03:19am EDT

If you are a Chrome browser user, be that in Windows, Mac, or Linux flavor, Google has some bad news for you.
Attackers are already exploiting a high-impact security vulnerability that could lead to them gaining control of a system resource or to arbitrary code execution. This is the fifth zero-day Google has had to deal with in 2022 so far.

What is the Google Chrome CVE-2022-2856 Zero-Day?

In an advisory posted August 16, Srinivas Sista from the Google Chrome team confirms that a total of eleven security vulnerabilities, ranging from medium to critical impact, have been fixed in the latest Chrome update.
One of these, CVE-2022-2856, is the zero-day in question. “Google is aware that an exploit for CVE-2022-2856 exists in the wild,” Sista stated. Not much detail is being made public about the zero-day vulnerability until a majority of users have had time to ensure the update is installed and activated.
However, Google does confirm that CVE-2022-2856 was reported by hackers from within the Google Threat Analysis Group, Ashley Shen and Christian Resell, on July 19. It is, the advisory states, an “insufficient validation of untrusted input in Intents.” Which will be as clear as mud for most users.

All I can add, at this point, in an attempt to clarify, is that the ‘intents’ mentioned are how Chrome processes user input. It is possible, although, again, I cannot confirm the precise technical details of CVE-2022-2856, that creating a malicious input that prevents Chrome from validating it could potentially lead to arbitrary code execution.

What steps do you need to take to secure Google Chrome?

What I can say with complete confidence is that you should check your browser has updated to the latest Chrome version as soon as possible. For Mac and Linux users, this will be Chrome 104.0.5112.101, while for Windows users, it could be either 104.0.5112.101 or 104.0.5112.102, just for some additional unwanted confusion. While Chrome should update automatically, it is recommended that you force the update check to be safe.
You also need to perform one additional step before your browser will be secured against this zero-day and the other disclosed threats.

[Image: Relaunch your Chrome browser to activate the Google security update. Credit: Google, Davey Winder]

Go to the About Google Chrome entry in the browser menu, which will force a check for any available update. Once that update has been downloaded and installed, a relaunch button will become available.
After relaunching the browser, the update will activate and protect you from the fifth Google Chrome zero-day of the year.

As other browsers that are based around the Chromium engine will likely be impacted by the same vulnerabilities, expect updates for the likes of Brave, Edge and Opera to follow in due course.
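
For anyone checking more than one machine, this added example (not from the article or from Google) compares reported Chrome version strings against the fixed builds named above. The function names, host names and inventory lines are constructed for illustration, and it covers Google Chrome only, since the article gives no fixed versions for Brave, Edge or Opera.

```python
import re

# Fixed Google Chrome builds named in the article. Windows shipped as either
# .101 or .102, so .101 is the lowest patched build on every platform.
FIXED_BUILD = {
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
    "windows": (104, 0, 5112, 101),
}

# Matches the four-part version in output such as "Google Chrome 104.0.5112.79".
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def status(platform, version_text):
    """Classify one report as 'patched', 'outdated' or 'unknown'."""
    version = parse_version(version_text)
    if version is None or platform not in FIXED_BUILD:
        return "unknown"
    # Tuples compare numerically, so build 99 sorts below 101; comparing the
    # raw strings would wrongly rank "5112.99" above "5112.101".
    return "patched" if version >= FIXED_BUILD[platform] else "outdated"


def audit(inventory):
    """Return the hosts that still need an update or could not be read."""
    return [(host, status(plat, text)) for host, plat, text in inventory
            if status(plat, text) != "patched"]


# Constructed inventory: (host, platform, reported version string).
SAMPLE = [
    ("mac-01", "mac", "Google Chrome 104.0.5112.101"),
    ("win-07", "windows", "Google Chrome 104.0.5112.102"),
    ("lin-03", "linux", "Google Chrome 104.0.5112.79"),
    ("win-11", "windows", "Google Chrome 103.0.5060.134"),
    ("lin-09", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE):
        print(f"{host}: {result}")
```

A browser that has downloaded the update but not been relaunched still runs the old build, so a version read from the installed binary can show the fixed number before the fix is active.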
From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/08/18/google-confirms-chrome-zero-day-5-as-attacks-begin-update-now/