News

Google patches eleven vulnerabilities in Chrome, including zeroday with exploit

By admin
Spread the love

Google has released a patch for Chrome that fixes a zero day. A working exploit existed, but how often it has been exploited and what the bug actually entails is unknown.

Google has released update 104.0.5112.102/101 for Chrome for Windows and 104.0.5112.101 for macOS and Linux as a stable release. Company writes in a blog post that eleven vulnerabilities in the browser have been fixed. Six of these are use-after-freebugs in FedCm, SwiftShader, Angle, Blink, Shell, and Sign-in Flow. There is also an incorrect policy enforcement in the Cookies functionality of the browser. The vulnerabilities were suggested by third-party security researchers and in two cases by Google’s own Project Zero security department.

One of the bugs, CVE-2022-2856, is a zero day. “Google is aware that an exploit of CVE-2022-2856 exists in the wild,” the company wrote, but did not provide details. It is not known whether that exploit is actually being abused and in how many cases this is the case. Details about the vulnerability are sketchy; Google calls it an insufficient validation of untrusted input in Intents, but gives no further details about it. The vulnerability was found by an employee of Google’s own Threat Analysis Group, a separate security division.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Brave sells web content as data for AI training

News

Firefox beta has support for Nvidia video upscaling technique