Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:EDC4E93542AFAF751E67BF527C826DA4
HistoryAug 17, 2022 - 12:02 p.m.

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

2022-08-1712:02:00
The Hacker News
thehackernews.com
610
google chrome
zero-day
vulnerability
patched
security flaws
cve-2022-2856
exploit
web browser
desktops
patch
insufficient validation
untrusted input
security researchers
google threat analysis group
use-after-free bugs
heap buffer overflow
macos
linux
windows
chromium-based browsers
microsoft edge
brave
opera
vivaldi

EPSS

0.041

Percentile

92.3%

JSON

Google Chrome Zero-Day Vulnerability

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild.

Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.

As is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. β€œGoogle is aware that an exploit for CVE-2022-2856 exists in the wild,” it acknowledged in a terse statement.

The latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads.

The development marks the fifth zero-day vulnerability in Chrome that Google has resolved since the start of the year -

Users are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow THN on Facebook, Twitter ο‚™ and LinkedIn to read more exclusive content we post.

Related

thn 12
threatpost 3
malwarebytes 5
qualysblog 1
prion 5
mscve 5
cve 5
hivepro 6
cisa_kev 5
attackerkb 5
checkpoint_advisories 2
alpinelinux 4
nvd 5
ubuntucve 5
debiancve 5
veracode 5
cvelist 5
osv 10
cnvd 2
vulnrichment 1
kaspersky 9
nessus 20
openvas 23
redhatcve 1
suse 5
freebsd 3
chrome 5
avleonov 2
debian 3
mageia 2
ubuntu 2
gitlab 9
fedora 3
ics 2
githubexploit 1
github 1
schneier 1
qt 1
packetstorm 1
trellix 6
securelist 2
apple 1
thn
thn
Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild
2022-07-05 02:55:00
Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
2022-09-03 03:56:00
Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
2022-10-28 10:40:00
threatpost
threatpost
Google Patches Chrome’s Fifth Zero-Day of the Year
2022-08-18 14:31:38
Google Patches Actively Exploited Chrome Bug
2022-07-05 11:54:21
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
2022-03-25 13:19:59
malwarebytes
malwarebytes
Zero-day puts a dent in Chrome's mojo
2022-09-05 16:30:00
Update now! Chrome patches ANOTHER zero-day vulnerability
2022-07-05 13:56:04
Update now! Google releases emergency patch for Chrome zero-day used in the wild
2022-03-28 13:42:54
qualysblog
qualysblog
The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend
2022-12-03 05:24:27
prion
prion
Heap overflow
2022-07-28 02:15:00
Input validation
2022-09-26 16:15:00
Type confusion
2022-07-26 22:15:00
mscve
mscve
Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC
2022-07-06 16:32:48
Chromium: CVE-2022-1364: Type Confusion in V8
2022-04-15 07:00:00
Chromium: CVE-2022-2856 Insufficient validation of untrusted input in Intents
2022-08-17 07:00:00
cve
cve
CVE-2022-2294
2022-07-28 02:15:07
CVE-2022-2856
2022-09-26 16:15:11
CVE-2022-1364
2022-07-26 22:15:09
hivepro
hivepro
Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East
2022-07-28 06:06:37
Chrome’s zero-day flaw allows arbitrary code execution
2022-08-19 04:40:16
Google Chrome issues an emergency update to address the third zero-day of year 2022
2022-04-17 21:38:48
cisa_kev
cisa_kev
WebRTC Heap Buffer Overflow Vulnerability
2022-08-25 00:00:00
Google Chromium Intents Insufficient Input Validation Vulnerability
2022-08-18 00:00:00
Google Chromium V8 Type Confusion Vulnerability
2022-04-15 00:00:00
attackerkb
attackerkb
CVE-2022-2294
2022-07-28 00:00:00
CVE-2022-2856
2022-09-26 00:00:00
CVE-2022-1364
2022-07-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome WebRTC Heap Buffer Overflow (CVE-2022-2294)
2022-09-22 00:00:00
Google Chrome Use After Free (CVE-2022-0609)
2022-03-27 00:00:00
alpinelinux
alpinelinux
CVE-2022-2294
2022-07-28 02:15:07
CVE-2022-1364
2022-07-26 22:15:09
CVE-2022-1096
2022-07-23 00:15:08
nvd
nvd
CVE-2022-2294
2022-07-28 02:15:07
CVE-2022-1364
2022-07-26 22:15:09
CVE-2022-2856
2022-09-26 16:15:11
ubuntucve
ubuntucve
CVE-2022-2294
2022-07-28 00:00:00
CVE-2022-2856
2022-09-26 00:00:00
CVE-2022-1364
2022-07-26 00:00:00
debiancve
debiancve
CVE-2022-2294
2022-07-28 02:15:07
CVE-2022-2856
2022-09-26 16:15:11
CVE-2022-1364
2022-07-26 22:15:09
veracode
veracode
Heap Buffer Overflow
2022-07-17 17:23:34
Improper Input Validation
2022-09-01 10:44:46
Type Confusion
2022-04-17 09:55:05
cvelist
cvelist
CVE-2022-2294
2022-07-28 00:00:00
CVE-2022-1364
2022-07-26 21:30:44
CVE-2022-2856
2022-09-26 15:01:12
osv
osv
CVE-2022-2294
2022-07-28 02:15:07
CVE-2022-2856
2022-09-26 16:15:11
chromium - security update
2022-04-16 00:00:00
cnvd
cnvd
Google Chrome Intents security bypass vulnerability
2022-08-18 00:00:00
Google Chrome Animation code execution vulnerability
2022-02-16 00:00:00
vulnrichment
vulnrichment
CVE-2022-2856
2022-09-26 15:01:12
kaspersky
kaspersky
KLA15723 DoS vulnerability in Microsoft Browser
2022-08-17 00:00:00
KLA12512 DoS vulnerability in Google Chrome
2022-04-14 00:00:00
KLA12538 DoS vulnerability in Opera
2022-03-29 00:00:00
nessus
nessus
Debian DSA-5121-1 : chromium - security update
2022-04-19 00:00:00
Microsoft Edge (Chromium) < 104.0.1293.60 Vulnerability
2022-08-18 00:00:00
Google Chrome < 100.0.4896.127 Vulnerability
2022-04-14 00:00:00
openvas
openvas
Microsoft Edge (Chromium-Based) Input Validation Vulnerability (Aug 2022)
2022-08-19 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_14-2022-04) - Linux
2022-04-19 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_14-2022-04) - Mac OS X
2022-04-19 00:00:00
redhatcve
redhatcve
CVE-2022-1364
2022-05-24 15:33:15
suse
suse
Security update for chromium (important)
2022-04-19 00:00:00
Security update for opera (important)
2022-05-02 00:00:00
Security update for chromium (important)
2022-07-13 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-04-14 00:00:00
chromium -- V8 type confusion
2022-03-25 00:00:00
chromium -- multiple vulnerabilities
2022-07-04 00:00:00
chrome
chrome
Chrome for Android Update
2022-04-14 00:00:00
Stable Channel Update for Desktop
2022-04-14 00:00:00
Stable Channel Update for Desktop
2022-03-25 00:00:00
avleonov
avleonov
Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data
2022-05-23 20:56:15
Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery
2022-07-23 08:34:29
debian
debian
[SECURITY] [DSA 5121-1] chromium security update
2022-04-16 18:29:01
[SECURITY] [DSA 5110-1] chromium security update
2022-03-28 07:03:21
[SECURITY] [DSA 5180-1] chromium security update
2022-07-11 17:47:32
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-03-28 19:23:37
Updated webkit2 packages fix security vulnerability
2022-08-20 13:04:13
ubuntu
ubuntu
Chromium vulnerability
2022-03-28 00:00:00
WebKitGTK vulnerabilities
2022-08-15 00:00:00
gitlab
gitlab
Use after free in Animation
2022-02-22 00:00:00
Use after free in Animation
2022-02-22 00:00:00
Use after free in Animation
2022-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: chromium-99.0.4844.84-1.fc34
2022-04-07 15:15:37
[SECURITY] Fedora 35 Update: chromium-99.0.4844.84-1.fc35
2022-04-07 15:26:48
[SECURITY] Fedora 36 Update: chromium-99.0.4844.84-1.fc36
2022-05-07 04:44:56
ics
ics
Rockwell Products Impacted by Chromium Type Confusion
2022-07-28 12:00:00
Rockwell Automation Connected Components Workbench
2023-09-21 12:00:00
githubexploit
githubexploit
Exploit for Type Confusion in Google Chrome
2022-03-29 20:06:33
github
github
Use after free in Animation
2022-02-22 21:51:19
schneier
schneier
Chrome Zero-Day from North Korea
2022-03-31 11:13:50
qt
qt
Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine
2022-04-04 00:00:00
packetstorm
packetstorm
Chrome CVE-2022-1096 Incomplete Fix
2022-06-20 00:00:00
trellix
trellix
The Bug Report – July 2022 Edition
2022-08-03 00:00:00
The Bug Report – July 2022 Edition
2022-08-03 00:00:00
The Bug Report - March 2022 Edition
2022-04-06 00:00:00
securelist
securelist
IT threat evolution in Q2 2022. Non-mobile statistics
2022-08-15 12:00:43
IT threat evolution in Q1 2022. Non-mobile statistics
2022-05-27 08:00:05
apple
apple
About the security content of Safari 15.6
2022-07-20 00:00:00

EPSS

0.041

Percentile

92.3%

JSON
Related for THN:EDC4E93542AFAF751E67BF527C826DA4
thn12threatpost3malwarebytes5qualysblog1prion5mscve5cve5hivepro6cisa_kev5attackerkb5checkpoint_advisories2alpinelinux4nvd5ubuntucve5debiancve5veracode5cvelist5osv10cnvd2vulnrichment1kaspersky9nessus20openvas23redhatcve1suse5freebsd3chrome5avleonov2debian3mageia2ubuntu2gitlab9fedora3ics2githubexploit1github1schneier1qt1packetstorm1trellix6securelist2apple1