NA

CVE-2022-2856

Published: 26/09/2022 Updated: 26/09/2022

Vulnerability Summary

Insufficient validation of untrusted input in Intents in Google Chrome on Android before 104.0.5112.101 allowed a remote malicious user to arbitrarily browse to a malicious website via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vendor Advisories

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure For the stable distribution (bullseye), these problems have been fixed in version 10405112101-1~deb11u1 We recommend that you upgrade your chromium packages For the detailed security status o ...
The Stable channel has been updated to 10405112101 for Mac and Linux and 10405112102/101 for Windows which will roll out over the coming days/weeks Extended stable channel has been updated to 10405112101 for Mac and 10405112102 for Windows , which will roll out over the coming days/weeksA full list of changes in this build is avai ...

Recent Articles

Google Patches Chrome’s Fifth Zero-Day of the Year
Threatpost • Elizabeth Montalbano • 18 Aug 2022

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.
The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” according to the advisory posted by Google.
Google credits Ashley Shen and Christian Resell of its Google Threat Analys...

Google, Apple squash exploitable browser bugs
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation How do you choose a Cloud Security Provider?

Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild.
That high-severity vulnerability, tracked as CVE-2022-2856, is an improper input validation bug, and as per usual, Google doesn't release many details about it until the bulk of Chrome users are updated and the code is fixed.
In an advisory, the internet giant described the flaw as "insufficient validation of untrusted input in Intents," and noted that it "is aware th...