
The Google Chrome team’s Srinivas Sista confirmed that the most recent Chrome version had patched 11 security vulnerabilities, ranging in severity from medium to critical, in a bulletin released on August 16. A zero-day vulnerability among them is CVE-2022-2856.

Zero-day attacks target vulnerabilities that are so recent that security companies have not yet noticed them and have had zero time to patch them. These are security flaws in computer programs that are unknown to the vendor or developer. As a result, attackers can exploit the vulnerability until a patch or other remedy is made available.

According to the US Cybersecurity and Infrastructure Security Agency, customers that don’t patch CVE-2022-22536 could be vulnerable to ransomware attacks, data theft, financial fraud, and other costly business disruptions.

Chrome users are at risk, regardless of whether they use Windows, Mac, or Linux. Ensure that you have installed the most recent Chrome update in your browser. Mac, Linux, and Windows users can update Chrome to versions 104.0.5112.101 or 104.0.5112.102, respectively.

Until most users have installed and enabled the update, not much information is being made public regarding the zero-day vulnerability.

Google did, however, acknowledge that on July 19, hackers Ashley Shen and Christian Resell from the Google Threat Analysis Group disclosed CVE-2022-2856, “insufficient validation of untrusted input in Intents.”

The Intents technology works in the background when processing user input or responding to a system event. Anyone who can craft malicious input might take advantage of this vulnerability, which could cause Chrome to validate that input erroneously and allow arbitrary code execution or system takeover.

A successful attack could compromise the system’s confidentiality, integrity, and availability, warns the National Institute of Standards and Technology. “An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions posing as the victim or poison intermediary Web caches.”

Maintain a reliable firewall and current antivirus software, limit user access, back up your data, and utilize a network intrusion protection system to mitigate damages.
