Advisories

MA-849.082022: MyCERT Alert - Security updates available for Google Chrome (CVE-2022-2856)
  •   20 Aug 2022
  •   Alert
  •   chrome, vulnerability, CVE-2022-2856

1.0 Introduction
Recently, Google has disclosed a security update to address a critical vulnerability [CVE-2022-2856] that was found in its Chrome browser. The vulnerability is due to insufficient validation of untrusted input in Intents, a feature that enables launching applications and web services directly from a web page. There have been few reported cases regarding this vulnerability.

2.0 Impact
Bad input validation in software can serve as a pathway to overriding protections or exceeding the scope of the intended functionality, potentially leading to buffer overflow, directory traversal, SQL injection, cross-site scripting, null byte injection, and more.

3.0 Affected Product
The affected Chrome browser are;
• Prior to version 104.0.5112.101 for Mac and Linux
• Prior to version 104.0.5112.102/101 for Windows

4.0 Recommendations
Users are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours)  
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2856
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html?m=1
https://www.bleepingcomputer.com/news/security/google-fixes-fifth-chrome-zero-day-bug-exploited-this-year/
https://thehackernews.com/2022/08/new-google-chrome-zero-day.html
https://www.chromium.org/developers/web-intents-in-chrome/

Popular Advisories
Archives