March 1, 2024

10 New 0-Day Vulnerabilities in Chrome - Update Your Browser ASAP



Google has issued an advisory for users of the Chrome browser. Google discovered 10 new 0-day vulnerabilities in Chrome and is asking users to update the browser as soon as possible.

Google fixed these vulnerabilities in an update rolled out on the 16th of August. The company also said that the CVE-2022-2856 vulnerability is being actively exploited in the wild. The flaw is rated High severity and stems from improper validation of untrusted input in Intents. Hossein Lotfi, a researcher with Trend Micro's Zero Day Initiative program, said in his tweet, "If an intent contains any extras or a data URI and it targets another browser, Google Chrome would open that browser with that URL without prompting."

https://twitter.com/hosselot/status/1560282024447025153?cxt=HHwWgoC9iYGPnqcrAAAA

What Are Web Intents?

Web Intents is a new technology that allows web applications to interact with each other without having to be explicitly developed for those interactions. For example, an app that provides sharing functionality can register a "share" intent, which would allow any other app that also provides sharing functionality to handle that request. This makes it easy for users to share content from one app to another without having to worry about which apps support which sharing methods.

Overall, Web Intents provides a way for web apps to interact with each other in a more natural and user-friendly way, as well as making it easier for developers to add new features to their apps.

10 New 0-Day Vulnerabilities in Chrome:

The update Google shared fixes these 10 0-day vulnerabilities in Chrome, of which 1 is Critical, 6 are High, and 3 are Medium in severity.

  1. CVE-2022-2852: It's a Critical severity vulnerability in FedCM.

  2. CVE-2022-2854: It's a High severity vulnerability in SwiftShader.

  3. CVE-2022-2855: It's a High severity vulnerability in ANGLE.

  4. CVE-2022-2857: It's a High severity vulnerability in Blink.

  5. CVE-2022-2858: It's a High severity vulnerability in Sign-In Flow.

  6. CVE-2022-2853: It's a High severity Heap buffer overflow vulnerability in Downloads.

  7. CVE-2022-2856: It's a High severity vulnerability due to insufficient validation of untrusted input in Intents.

  8. CVE-2022-2859: It's a Medium severity vulnerability in Chrome OS Shell.

  9. CVE-2022-2860: It's a Medium severity vulnerability due to insufficient policy enforcement in Cookies.

  10. CVE-2022-2861: It's a Medium severity vulnerability due to inappropriate implementation in Extensions API.

Google's Recommendation to Fix 10 New 0-Day Vulnerabilities in Chrome:

Google has rolled out the patches in a new Stable channel release. Mac and Linux users should update Chrome to v104.0.5112.101, and Windows users should update Chrome to v104.0.5112.102/101 to fix the vulnerabilities.
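For administrators who need to confirm the fix across many machines, the sketch below compares reported Chrome versions against the fixed builds named above. It is an added example, not code from Google or from the original post; the host names and version strings are constructed, and treating .101 as the minimum fixed build on Windows is an assumption.

```python
import re

# Fixed Stable builds named in the article. For Windows it lists
# "104.0.5112.102/101"; treating .101 as the minimum is an assumption.
FIXED_BUILDS = {
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
    "windows": (104, 0, 5112, 101),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

# Constructed sample inventory: (host, platform, reported version text).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 104.0.5112.102"),
    ("ws-02", "windows", "Google Chrome 104.0.5112.081"),
    ("mac-01", "mac", "Google Chrome 104.0.5112.101"),
    ("lin-01", "linux", "Google Chrome 99.0.4844.51"),
    ("lin-02", "linux", "chrome: command not found"),
]


def parse_version(text):
    """Return the four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(p) for p in match.groups()) if match else None


def is_patched(platform, version_text):
    """True if at or above the fixed build, False if older, None if unknown."""
    fixed = FIXED_BUILDS.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Tuples of ints compare numerically, so 81 < 101 and 99 < 104;
    # comparing the raw strings would get both of those wrong.
    return version >= fixed


def audit(inventory):
    """Group hostnames into patched / outdated / unknown."""
    report = {"patched": [], "outdated": [], "unknown": []}
    labels = {True: "patched", False: "outdated", None: "unknown"}
    for host, platform, version_text in inventory:
        report[labels[is_patched(platform, version_text)]].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in the unknown group reported no parseable version and should be checked by hand rather than assumed safe.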

How to Update Chrome Browser?

The update procedure is very simple. It's just a matter of a couple of clicks.

Step 1. Open 'About Google Chrome' on the browser

Locate the three-dot button at the top right corner of the window and click it. A drop-down menu will appear. Then select Help > About Google Chrome from the drop-down. The update will start by itself if your machine is connected to the internet. In this example, we have Chrome running v104.0.5112.081, and Chrome has started the update process by itself.

Step 2. Relaunch the Browser to complete the update

After the update completes, a 'Relaunch' button will appear. Click on it to relaunch the browser and complete the update process.

We hope this post helps you learn about the 10 new 0-day vulnerabilities in the Chrome browser. Please share this post if you find it interesting. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
