News August 19, 2022 Eclypses

Google Patches Another Zero-Day Vulnerability

What Happened?

On August 16, 2022, Google pushed out patches for the Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild, according to The Hacker News.  

This vulnerability is tracked as “CVE-2022-2856″ and has been defined as a case of insufficient validation of untrusted input in Intents. Google has stated that they are aware that an exploit for CVE-2022-2856 exists in the wild. In the most recent update, ten security flaws have been further addresses, most related to use-after-free bugs.  

This marks the fifth zero-day vulnerability in Chrome that Google has resolved since the beginning of 2022. The previous zero-day vulnerabilities this year include:  

  • CVE-2022-0609 – Use-after-free in Animation (February 14) 
  • CVE-2022-1096 – Type confusion in V8 (March 25) 
  • CVE-2022-1364 – Type confusion in V8 (April 14) 
  • CVE-2022-2294 – Heap buffer overflow in WebRTC (July 4) 

Who Were the Victims & How Did it Affect Them? 

Unfortunately, Google typically doesn’t provide many technical details about these zero-day vulnerabilities until a majority of Chrome users have applied the security update. The number of people affected by this zero-day vulnerability is unknown.

According to The Hacker News, users are recommended to update to version 104.0.5112.101 for macOS and Linux and 104.0.5112.102/101 for Windows to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Could Eclypses MTE Technology Prevent This Breach? 

Although MTE Technology could not prevent this entire hack, it can protect major aspects of the web application. With Eclypses MTE technology, the web application would have: 

  • Protected session data using SDR (Secure Data Replacement) 
  • Protected web traffic using MTE/MKE  
  • Created a one-to-one pairing relationship between the web application and the server 

Eclypses MTE technology protects the web application from being an accidental victim. Interested in discussing this zero-day vulnerability with the Eclypses team? Contact us today! 

Source: The Hacker News

More News

News

Network Security vs. Endpoint Security: What’s the Difference?

When implementing cybersecurity, it’s crucial to create a strategy that protects everything from your personal information to the systems that run your business. ...

Eclypses
News

3 Essential Benefits of Partnering with a Cloud-Centric Data Solution Provider

The Cloud-Centric Dilemma: A Data Revolution Beckons In the rapidly evolving digital landscape, businesses are encountering a pivotal dilemma: Are traditional data ...

Eclypses
News

Secure MTE Technology by Eclypses Shines in Recent Pen Test

In the relentless pursuit of cybersecurity excellence, Eclypses has emerged victorious in a recent pen test, showcasing an unparalleled resilience against adversari...

Eclypses
Contact Us

Be secure enough today for tomorrow’s cyber threats.

Contact Us