Included in the update was a patch for CVE-2022-2856, a zero-day vulnerability in the way the Intents component handles input validation. Google noted that the vulnerability is currently under exploitation in the wild. Ashley Shen and Christian Resell of Google Threat Analysis Group were credited with reporting the bug to Chrome's developer team.

Google's advisory did not provide much information on the vulnerability itself, only describing the issue as "insufficient validation of untrusted input in Intents." Intents is an API that allows the Chrome browser to open outside applications.

While Google was less than forthcoming with details on the under-attack vulnerability, researchers were able to figure out enough to know that the bug could potentially be dangerous when exploited.

"Web Intents are based on Android Intents and offer integration to web applications for developers," Trend Micro Zero Day Initiative senior communications manager Dustin Childs told TechTarget Editorial. "The bug likely manifests when a user attempts to use an Intent for some purpose. If a threat actor can make a specially crafted response, they could get code execution on the target system."

Tenable senior staff research engineer Satnam Narang told TechTarget Editorial that the Chrome vulnerability could potentially be linked up with other bugs to escape the browser's sandbox protections and perform additional exploits.