A new Google Chrome vulnerability, which is actively exploited, haunts the most popular web browser on the market. This has already been closed by Google, but the corresponding update will not be rolled out until soon.
Google Chrome security vulnerability discovered
On August 16, Google announced a new update for the Chrome browser, which mainly brings many security improvements. However, one of these security holes has already been actively exploited. Of the total of eleven closed gaps, however, at least one is said to have already been exploited.
Specifically, this is the vulnerability with the designation CVE-2022-2856, which refers to an “insufficient validation of untrusted input in intents”. The flaw was reported back in July by Ashley Shen and Christian Resell from Google’s Threat Analysis Group.
However, the tech giant did not provide concrete details about the Google Chrome vulnerability. Intents are usually used to transfer data from Chrome to other programs. This includes, for example, the Share button from the browser’s address bar, as ArsTechnica reported.
Manual update needed
To fix the Google Chrome vulnerability, a manual update of the browser is required. Chrome version 104.0.5112.101 for Linux and macOS and 104.0.5112.102/101 for Windows is expected to be rolled out in the coming “days or weeks.” It fixes ten other issues in addition to the aforementioned vulnerability.
You can easily find out which Chrome version you are currently using in the browser’s settings. Meanwhile, Google had only recently revealed that its own alternative to third-party cookies is delayed again. The Privacy Sandbox is now not expected to find its way into the in-house browser Google Chrome until 2024.