Resource August 19, 2022

Zero-Day Vulnerability Discovered: Google Chrome’s Fifth Zero-Day Exploit This Year

Zero Day Vulnerability Discovered

*Update Chrome now to patch actively exploited zero-day*

Google announced an update on Wednesday to the Stable channel of its Chrome browser that includes a fix for an exploit that exists in the wild. It’s the fifth Chrome zero-day patched by Google this year.

What You Need to Know

CVE-2022-2856 is a fix for “insufficient validation of untrusted input in Intents,” according to Google’s advisory. Intents are typically a way to pass data from inside Chrome to another application, such as the share button on Chrome’s address bar. Google says the update—104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows—will “roll out over the coming days/weeks.” There are 10 other security fixes included in the update, and Dark Reading notes that this is Chrome’s fifth zero-day vulnerability disclosed in 2022.

With an un-patched version of Google Chrome, the CVE-2022-2856 exploit can ultimately lead to arbitrary code executions from malicious websites. As noted by the MITRE Corporation, “When software does not validate input properly, an attacker can craft the input in a form that is not expected by the rest of the application.” The practicality of this leads to altered control flow. The malicious site could then retrieve sensitive data/files from the user’s system or even tamper with application components to contaminate arguments. For example, an un-patched browser can be tricked into displaying fake or corrupted files to the end-user, who believes it is their own legitimate file URI and opens/uploads data which is then sent to the attacker.

A similar exploit, designated as CVE-2019-13707, was first published on 11/25/2019 and was yet another Google Chrome vulnerability, affecting Android devices prior to 78.0.3904.70. Carrying the “Insufficient validation of untrusted input in intents” description, this exploit acted in the same manner as CVE-2022-2856. Google’s solution to this included a simple update of the Chrome browser.

Continuous Monitoring is Critical

Adlumin recommends using a Continuous Vulnerability Management (CVM) product to collect the needed data from endpoints to determine if they are running vulnerable versions of Microsoft Windows and Office. CVM software can also be used to identify those assets which have or do not have the official Microsoft mitigation in place. Adlumin also recommends leveraging the business’s SIEM product to continually search and alert for suspicious executions which may be a result of the exploitation of the vulnerability.