A high-impact security threat has been identified on the Google Chrome browser which could leave users susceptible to attacks from hackers.
According to Forbes, Google Chrome CVE-2022-2856 Zero-Day, one of the attack threats the browsing giant is facing, could allow hackers to gain control of a system resource or execute arbitrary code on the browser.
The security threat is the fifth zero-day threat that Google has had to deal with so far in 2022.
Srinivas Sista of the Google Chrome team in its advisory note posted on August 6 confirmed that a total of eleven security vulnerabilities ranging from moderate to critical impact have been fixed in the latest Chrome update, with CVE-2022-2856, being the zero-day in question.
“Google knows that an exploit for CVE-2022-2856 exists in the wild,” Sista said.
Further details about the zero-day vulnerability are not being made public until most users have installed, updated and activated it.
Google, however, confirmed that CVE-2022-2856 was reported by Google Threat Analysis Group hackers, Ashley Shane and Christian Reisel, in July, citing, “Inadequate verification of unreliable inputs in intent.”
Commenting on the situation, Senior Contributor and Co-founder of Forbes Straight Talking Cyber, Davey Winder said, “At this point, all I can add in an attempt to clarify is that the ‘intents’ mentioned are how Chrome processes user input. It is possible, although again, I cannot confirm the exact technical details of CVE-2022-2856, that by creating a malicious input that prevents Chrome from verifying it, potentially leading to arbitrary code execution goes.”
How to secure your Chrome browser from Zero-Day #5 threat
Speaking on steps that can be taken by users to secure their Google Chrome browser, Winder said, “I can confidently say that you should check that your browser is updated to the latest Chrome version as soon as possible. For Mac and Linux users, it will be Chrome 104.0.5112.101, while for Windows users, it can be either 104.0.5112.101 or 104.0.5112.102, just for some additional unwanted confusion.
“While Chrome should update automatically, it is recommended that you force update checks to be safe. Before your browser is protected from this zero-day and other overt threats.
“You also need to take an extra step”, he continued, “relaunch your Chrome browser to activate Google Security Update.
“Go to the About Google Chrome entry in the browser menu, which will force it to check for any available updates. Once that update is downloaded and installed, a relaunch button will become available. After relaunching the browser, the update will activate and keep you safe from the fifth Google Chrome zero-day of the year.
Although Windows, Mac or Linux flavors, are all affected, Windows 10, 11 and Server Attacks are reported to suffer a high impact.
Since other browsers that are based on the Chromium engine are likely to be affected by similar vulnerabilities, expect updates from the likes of Brave, Edge and Opera to follow in due course.