"In addition, some of the most severe bugs would allow an attacker to execute malicious code in the context of the user," she said. Ms Wong said arbitrary code execution has in the past been used to steal data, run extortion schemes, and even expose private text messages and search history. This will lead to parts of the system getting unintended input, possibly resulting in arbitrary code execution, where a hacker uses a flaw to execute commands on a target device, she said. When a software does not validate the user input properly, a hacker can craft the input in a form that is not expected by the rest of the application. "It is critical that such user inputs are validated, to ensure that only the right data is entered into an information system, and to prevent bad data from persisting in the database, triggering a malfunction," she explained. When you click on a webpage, Intents is used to launch applications automatically and pass data to these apps, said Ms Joanne Wong, vice president, international markets at LogRhythm. So what exactly is this vulnerability that Google calls CVE-2022-2856? How could it be exploited and with what consequences? CNA spoke to three cybersecurity companies to find out: What is CVE-2022-2856?ĬVE-2022-2856 is a vulnerability related to Intents, a function that processes user input on Google Chrome. "Users are also encouraged to enable the automatic update function in Chrome to ensure that their software is updated promptly," said SingCERT, a unit under the Cyber Security Agency of Singapore (CSA). While Google did not give more information about this vulnerability, usually to prevent further exploitation until more users apply the security update, its Chrome Releases blog stated that the bug involves "insufficient validation of untrusted input in Intents". SINGAPORE: The Singapore Computer Emergency Response Team (SingCERT) on Thursday (Aug 18) urged Google Chrome users to install the latest security updates immediately, citing a high-severity vulnerability in the web browser that is being exploited.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |