Overview of cve-2022-2856

Google released a patch for their fifth zero-day vulnerability this year. Google describes CVE-2022-2856 as a high-severity bad input validation vulnerability impacting Google Chrome. Like most of Google’s zero-day vulnerabilities, there are little details surrounding CVE-2022-2856.  

Google’s published advisory states that the bug is an “insufficient validation of untrusted input in Intents”, which is a feature that allows the launch of applications and web services from a web page. Because intents allow a web page to access and run a third-party app over a browser session, CVE-2022-2856 has likely given attackers the opportunity to distribute malicious apps through a web page or through phishing emails.  

According to MITRE, input validation checks potentially dangerous inputs to make sure that the inputs are safe for processing within the code, or when communicating with other components. If there is bad input validation in software, it can lead to overriding protections, buffer overflows, SQL injections, cross-site scripting, and more. 

Google has fixed the flaw, and the patch for the vulnerability should be ready for Chrome browsers for Windows, macOS, and Linux within the next few days or weeks via Chrome version 104.0.5112.101/102. To check which version of Chrome you are running, go to the About Google Chrome function where the browser’s internal checker will scan for updates. The function will also automatically start downloading the latest version of Chrome once it is available.  

This is the fifth zero-day for Google this year, making the Google browser popular amongst attackers. Attackers are now prioritizing ways to exploit Chrome, and Avertium advises that you switch to the latest version of the browser as soon as possible.  



How Avertium is Protecting Our Customers:

  • Avertium offers Zero Trust Architecture, like AppGate, to stop malware lateral movement.  
  • Avertium offers Zero Trust Network as a Service (ZTNaaS) for any organization that  wants to control their attack surface. The zero-trust security model delivers exactly what the name promises: it is an IT security concept that specifies no access is allowed until the successful completion of the authentication and authorization processes.   
  • Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident. 



Avertium's recommendations

Please perform the security update as soon as possible for CVE-2022-2856 


At this time, there are no known IoCs associated with CVE-2022-2856. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any IoCs be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   


Supporting documentation

Chrome Releases: Stable Channel Update for Desktop (googleblog.com) 

CWE - CWE-20: Improper Input Validation (4.8) (mitre.org) 

Google fixes fifth Chrome zero-day bug exploited this year (bleepingcomputer.com) 

Google Patches Fifth Actively Exploited Zero-Day Flaw in Chrome This Year | PCMag 





Related Reading: New Ransomware Family, HavanaCrypt, Disguises Itself as Fake Google Update


Contact us for more information about Avertium’s managed security service capabilities. 

Chat With One of Our Experts

Zero-Day Vulnerability Google Chrome Google Chrome Vulnerability Google Blog