
Google has uncovered that threat actors are exploiting a previously unknown Chrome browser flaw.
Google detected the high-severity flaw with the help of its own security researchers, and it is a zero-day.
The flaw has been given the designation CVE-2022-2856. As usual, Google has only described the exploit as involving insufficient validation of untrusted input in Intents.
These intents can allow a web page to access and run a third-party app over the browser session. Hence, there’s a good chance hackers are using the zero-day exploit to serve up malicious apps through a web page or phishing email.
CVE-2022-2856 marks the fifth time this year Google has patched an actively exploited flaw in the Chrome browser.
The patch for CVE-2022-2856 should begin rolling out to the Chrome browser for Windows, macOS, and Linux devices in the coming days and weeks via Chrome version 104.0.5112.101/102.
You can check which version of Chrome you’re running by going to the About Google Chrome function. The same function will also automatically begin downloading the latest Chrome version once it becomes available.
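For administrators who need to run the same version check across many machines, the following added example (not from Google or the original article) flags hosts whose Chrome build predates the fix. The inventory format, host names, and the choice of 104.0.5112.101 as the minimum for every platform are assumptions; the sample data is constructed.

```python
import re

# Minimum fixed build taken from the article (104.0.5112.101/102). Using the
# lower of the two as the threshold on every platform is an assumption.
PATCHED = (104, 0, 5112, 101)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version tuple from text such as
    'Google Chrome 104.0.5112.81'. Returns None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, patched=PATCHED):
    """True when the build predates the fix. Unparseable versions are
    treated as unpatched so they are reviewed rather than skipped."""
    v = parse_version(text)
    # Compare as integer tuples: as strings, '81' would sort after '101'.
    return v is None or v < patched


def audit(inventory_lines):
    """Return hosts from 'host,os,version' lines that need the update."""
    flagged = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _os, version_text = (f.strip() for f in line.split(",", 2))
        if needs_update(version_text):
            flagged.append(host)
    return flagged


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = """\
# host,os,version
ws-001,Windows,Google Chrome 104.0.5112.102
ws-002,Windows,Google Chrome 104.0.5112.81
mac-01,macOS,Google Chrome 104.0.5112.101
lin-07,Linux,Google Chrome 103.0.5060.134
lin-08,Linux,unknown
ws-003,Windows,Google Chrome 105.0.5195.52
""".splitlines()

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: update Chrome to 104.0.5112.101 or later")
```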