Google has released security updates for many vulnerabilities, including the zero-day vulnerability for the Chrome browser.
These defects are known to be actively exploited in the wild. Defined as a case of insufficient validation of untrusted inputs in Intents, the flaw is tracked with code CVE-2022-2856 (CVSS: N/A).
The firm refrained from sharing additional relevant details until users made the updates.
Regarding the issue, “Google is aware that an exploit for CVE-2022-2856 exists in the wild.” the company said.
The latest update includes a stack buffer overflow vulnerability in Downloads and 10 other vulnerabilities related to post-freeware bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink.
The security update is currently available for Windows, Mac and Linux.
The zero-day vulnerabilities in Chrome that Google has resolved since the start of the year :
- CVE-2022-0609 (CVSS: 8.8) – Use-after-free in Animation
- CVE-2022-1096 (CVSS: 8.8) – Type confusion in V8
- CVE-2022-1364 (CVSS: 8.8) – Type confusion in V8
- CVE-2022-2294 (CVSS: 8.8) – Heap buffer overflow in WebRTC