Google Chrome finally issued a patch for Its Zero day Exploit 5th time in 2022

One zero-day vulnerability that is now being used in the wild has been fixed in a security update from Google for the Chrome browser.

Linux, Mac, and Windows are currently receiving the security update. Users who have enabled automatic updates should start receiving them in the next few days or weeks.

Until a significant portion of Chrome users have installed the security update, Google normally withholds many technical details about the zero-day vulnerabilities they resolve.

The most recent one, CVE-2022-2856, is identified as a high-severity security flaw because it “inadequately validates untrusted input in Intents,” a feature that allows users to start web services and applications straight from web pages.

Poor input validation in software can open the door to bypassing security measures or going beyond the intended functionality, potentially opening the door to buffer overflow, directory traversal, SQL injection, cross-site scripting, null byte injection, and other vulnerabilities.

Ashley Shen and Christian Resell, both members of the Google Threat Analysis Group, found and reported the vulnerability (TAG).

Google acknowledges that a CVE-2022-2856 vulnerability is present in the wild, according to the company’s security alert from yesterday.

Five-day zero-day patched in 2022

The most recent Chrome update fixes the sixth zero-day vulnerability that has been actively exploited by threat actors in Google Chrome this year:

These four came before them:

4 July CVE-2022-2294

April 14: CVE-2022-1364

the 25th of March, CVE-2022-1096

February 14—CVE-2022-0609 (exploited by North Korean hackers in phishing campaigns)

Go to the browser’s settings, choose “About Chrome,” and then let the internal checker run a search for any available updates to start the upgrade right away. Restart the programme to apply the security update after the download is finished.