Google Chrome Fixes Actively Exploited Vulnerability

⚡ TL;DR | Go Straight to the Google Chrome Vulnerability Report

Google has released a stable channel update for Google Chrome which fixes 11 vulnerabilities. The most severe of these could allow for arbitrary code execution, in the context of a logged-on user. Depending on that user's privileges, an attacker could then view, change, or delete sensitive data and files, install programs, or even create new accounts with full user rights, further compromising the network. Because of this, the risks for accounts that operate with administrative user rights are significantly higher than for those that are configured with fewer user rights.

Google has released a stable channel update for Mac and Linux (104.0.5112.101) and for Windows (104.0.5112.102/101) which will roll out over the coming days and weeks. Any older Google chrome versions are at risk of being affected by these vulnerabilities. Users are advised to apply the stable channel update as soon as possible.

CVE-2022-2856

According to Google's own blog "Google is aware that an exploit for CVE-2022-2856 exists in the wild." This vulnerability concerns an insufficient validation of untrusted input in Intents. Further bug details are at this moment still kept restricted, but may be released once a majority of users are up-to-date with the fix.

Discover Vulnerable Devices

Based on the information shared by Google, we have created a special Lansweeper report that will provide a list of all Google Chrome installs in your environment that could still be affected by the vulnerabilities mentioned. This way you have an actionable list of installs that still need to be updated.

CVE CodeDescriptionSeverity
CVE-2022-2852Use after free in FedCMCritical
CVE-2022-2854Use after free in SwiftShaderHigh
CVE-2022-2855Use after free in ANGLEHigh
CVE-2022-2857Use after free in BlinkHigh
CVE-2022-2858Use after free in Sign-In FlowHigh
CVE-2022-2853Heap buffer overflow in DownloadsHigh
CVE-2022-2856Insufficient validation of untrusted input in IntentsHigh
CVE-2022-2859Use after free in Chrome OS ShellMedium
CVE-2022-2860Insufficient policy enforcementMedium
CVE-2022-2861Inappropriate implementation in Extensions APIMedium
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​