Google, Apple squash exploitable browser bugs


Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild.

That high-severity vulnerability, tracked as CVE-2022-2856, is an improper input validation bug, and as per usual, Google doesn’t release many details about it until the bulk of Chrome users are updated and the code is fixed.

In an advisory, the internet giant described the flaw as “insufficient validation of untrusted input in Intents,” and noted that it “is aware that an exploit for CVE-2022-2856 exists in the wild.”

Chrome Intents can be used to launch apps from webpages and pass data to those applications.

Read more…
Source: The Register