Warning: is_readable(): open_basedir restriction in effect. File(D:\InetPub\vhosts\kalen2u-3990.package\kalen2utech.com\wwwroot/wp-content/plugins/D:\InetPub\vhosts\kalen2u-3990.package\kalen2utech.com\wwwroot\wp-content\plugins\wp-statistics/languages/wp-statistics-en_US.mo) is not within the allowed path(s): (D:/InetPub/vhosts/kalen2u-3990.package\;C:\Windows\Temp\) in D:\InetPub\vhosts\kalen2u-3990.package\kalen2utech.com\wwwroot\wp-includes\l10n.php on line 649
You Need to Update Chrome Again | #1 Technology News Source by Kalen2utech
Published On: Thu, Aug 18th, 2022

You Need to Update Chrome Again

If we recently updated Google Chrome to version 104, we competence be astounded to learn there’s already another refurbish accessible for your browser. After all, a final refurbish patched 27 confidence vulnerabilities: What’s left to update? Apparently, utterly a bit, including a new confidence smirch that hackers already know how to exploit.

Google announced a refurbish in a Chrome Releases blog post Tuesday, Aug. 16. This new Chrome chronicle is 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, and is now accessible on all platforms.

The patch includes fixes for 11 confidence vulnerabilities, of that one is labeled critical, 6 are labeled high-severity, and 3 are labeled medium-severity. However, a genuine story concerns one of a high-severity vulnerabilities, identified as CVE-2022-2856: Google reliable an feat for this smirch exists in a wild, creation it a zero-day vulnerability.

Zero-days are dangerous. While many confidence vulnerabilities are never exploited before a patch is available, some are. When someone is successful during not usually finding a smirch in software, though reckoning out how to use it opposite others, that disadvantage becomes a zero-day—CVE-2022-2856 is one such vulnerability.

The smirch stems from an “insufficient validation of untrusted submit in Intents.” According to Bleeping Computer, this form of smirch can lead to issues such as “buffer overflow, office traversal, SQL injection, cross-site scripting, nothing byte injection, and more.” It’s a prolonged list of consequences that could concede your system, and given there’s an feat for it in a wild, updating Chrome should be a priority.

Jachs NY Summer Sale

Styles starting during $10
This sitewide sale will ready we for any character conditions that might arise in a transition between seasons—whether it be a henley and jeans or a symbol adult and chino shorts moment.

However, it isn’t usually this zero-day that should remonstrate we to update: The other 10 issues are still critical to patch, given their identities are now known. Hackers could still find ways to feat these vulnerabilities, so it’s critical to refurbish to strengthen yourself opposite a board.

You can perspective all 11 vulnerabilities this refurbish rags below, including who detected a vulnerabilities and a prerogative they warranted for it:

  • [$NA][1349322] Critical CVE-2022-2852: Use after giveaway in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
  • [$7000][1337538] High CVE-2022-2854: Use after giveaway in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
  • [$7000][1345042] High CVE-2022-2855: Use after giveaway in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
  • [$5000][1338135] High CVE-2022-2857: Use after giveaway in Blink. Reported by Anonymous on 2022-06-21
  • [$5000][1341918] High CVE-2022-2858: Use after giveaway in Sign-In Flow. Reported by ebony during KunLun lab on 2022-07-05
  • [$NA][1350097] High CVE-2022-2853: Heap aegis crawl in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
  • [$NA][1345630] High CVE-2022-2856: Insufficient validation of untrusted submit in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
  • [$3000][1338412] Medium CVE-2022-2859: Use after giveaway in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
  • [$2000][1345193] Medium CVE-2022-2860: Insufficient process coercion in Cookies. Reported by Axel Chong on 2022-07-18
  • [$TBD][1346236] Medium CVE-2022-2861: Inappropriate doing in Extensions API. Reported by Rong Jian of VRI on 2022-07-21
  • [1353442] Various fixes from inner audits, fuzzing and other initiatives

How to refurbish Google Chrome

Whether you’re on Mac, Windows, or Linux, we can fast refurbish Chrome to patch not usually this zero-day vulnerability, though a other 10 flaws, as well. Click a 3 dots in a top-right dilemma of your browser window, afterwards go to Help About Google Chrome. Allow Chrome to demeanour for a new update. If one is available, you’ll be means to click “Relaunch” to implement it.

If we have involuntary updates enabled, we can simply wait for Chrome to implement a refurbish on the own. However, that could take a matter of weeks—the fastest approach to secure your browser is to refurbish Chrome yourself.

[Bleeping Computer]


About the Author