Insufficient validation of untrusted input in Intents in Google Chrome on Android before 104.0.5112.101 allowed a remote malicious user to arbitrarily browse to a malicious website via a crafted HTML page.
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.
The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” according to the advisory posted by Google.
Google credits Ashley Shen and Christian Resell of its Google Threat Analys...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation How do you choose a Cloud Security Provider?
Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild.
That high-severity vulnerability, tracked as CVE-2022-2856, is an improper input validation bug, and as per usual, Google doesn't release many details about it until the bulk of Chrome users are updated and the code is fixed.
In an advisory, the internet giant described the flaw as "insufficient validation of untrusted input in Intents," and noted that it "is aware th...