Urgent Security Flaw Is Forcing Google Chrome Users To Patch Browsers ASAP
Google has released a Chrome browser update that addresses a zero-day flaw currently under active attack. This is the fifth time this year that Google has put Chrome users in a situation where they should act swiftly to patch a critical security flaw. If you are a Chrome user, please check that you are running 104.0.5112.102/101 for Windows, or 104.0.5112.101 for Mac and Linux. If not, you can nudge Chrome to update immediately by selecting the triple dot menu in the upper-right corner, then Help, then About Google Chrome.
The latest Chrome update fixes not only the headlining security flaw, but 11 critical, high, and medium security issues in total. The headlining issue is Chrome bug 1345630, which is tracked as CVE-2022-2856. Until CVE-2022-2856 is patched, it can allow attackers to run arbitrary code on your system. Its technical description, “Insufficient validation of untrusted input in Intents,” sounds almost benign, but do not let your guard down.
Translating the CVE techno-speak to English, ‘Intents’ are a deep-linking mechanism used by Google to allow links to open other apps. Think about links that pop open a video conferencing app, or a torrent app, for example. Google's mechanism in Chrome was too permissive, and thus open to exploitation. Attackers could craft a form on a web page, and a visitor using an unpatched version of Chrome could then get a dose of malware. However, Google is prudently holding back most of the details of the flaw, including how it is being exploited in the wild, while the update rolls out to users who might not keep up with the latest tech news. Remember, you can get the update now if you follow our tip in the intro.
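
For administrators checking many machines rather than one browser, the version check described above can be scripted. The following is an added example, not code from Google or from this article: it compares reported Chrome versions numerically against the fixed builds named above. The inventory rows, host names and platform labels are constructed, and it assumes that builds later than the fixed one also carry the fix.

```python
import re

# Fixed builds named in the article. Windows shipped as .102/.101,
# so .101 is the lowest patched build on every platform.
FIXED_BUILD = {
    "windows": (104, 0, 5112, 101),
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(platform, version_text):
    """True if the host is below the fixed build or cannot be assessed."""
    floor = FIXED_BUILD.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return True  # unknown platform or unreadable version: flag for review
    # Tuple comparison is numeric per component. Comparing the raw strings
    # would wrongly rank "104.0.5112.81" above "104.0.5112.101".
    return version < floor


# Constructed sample inventory: (host, platform, reported version string).
INVENTORY = [
    ("ws-01", "windows", "Google Chrome 104.0.5112.102"),
    ("ws-02", "windows", "104.0.5112.81"),
    ("mac-01", "mac", "Google Chrome 104.0.5112.101"),
    ("lin-01", "linux", "Google Chrome 103.0.5060.134"),
    ("lin-02", "linux", "unknown"),
]


def unpatched_hosts(inventory):
    """Return the hosts that still need the update, in inventory order."""
    return [host for host, platform, ver in inventory if needs_update(platform, ver)]


if __name__ == "__main__":
    for host in unpatched_hosts(INVENTORY):
        print(f"{host}: update Chrome")
```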