1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google Chrome update squashes bug used to attack users

    From TechnologyDaily@1337:1/100 to All on Thu Aug 18 12:30:04 2022
    Google Chrome update squashes bug used to attack users

    Date:
    Thu, 18 Aug 2022 11:27:31 +0000

    Description:
    Latest Chrome patch addresses almost a dozen security flaws, including high-severity issues being exploited in the wild.

    FULL STORY ======================================================================

    Google has patched a high-severity vulnerability for the desktop version of its Chrome browser .

    The flaw, tracked as CVE-2022-2856, is being actively exploited in the wild, the company says, which is why its paramount that users patch their endpoints immediately.

    As is common, Google doesnt want to say much about the flaw, until the majority of Chrome instances have been patched. What it did say, though, is that this is an improper input validation bug, further described as "insufficient validation of untrusted input in Intents." Patching up holes

    The fix came as part of a larger update, covering a total of 11 vulnerabilities. Besides CVE-2022-2856, Google fixed these flaws, as well: CVE-2022-2852 (critical): Use after free in FedCM CVE-2022-2854 (high): Use after free in SwiftShader CVE-2022-2855 (high): Use after free in ANGLE CVE-2022-2857 (high): Use after free in Blink CVE-2022-2858 (high): Use after free in Sign-In Flow. CVE-2022-2853 (high): Heap buffer overflow in Downloads CVE-2022-2859 (medium): Use after free in Chrome OS Shell CVE-2022-2860 (medium): Insufficient policy enforcement in Cookies CVE-2022-2861 (medium): Inappropriate implementation in Extensions API

    As per a report on The Register , Google paid out at least $29,000 to bounty hunters who found and disclosed these vulnerabilities. The highest payout, of $7,000, went to researchers who found CVE-2022-2854 and CVE-2022-2855. Last year, the company paid out almost $9 million for numerous bug disclosures. Read more

    Google Chrome users told to update immediately or risk attack


    Microsoft Edge gets emergency patch for severe zero-day vulnerability


    Here are the best patch management tools out there

    Being the worlds number one browser, Chrome is also the biggest target, with countless threat actors racing to find new zero-day vulnerabilities. Less
    than two months ago, Google fixed one such vulnerability for the Windows version, that was allegedly being exploited in the wild.

    The high-severity bug, tracked as CVE-2022-2294, is a heap-based buffer overflow weakness. Here's the rundown of the best firewalls around

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-chrome-update-squashes-bug-used-to-attac k-users/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)