By now, you should have seen or heard of CVE-2022-2856, an ambiguous zero-day vulnerability in Google Chrome that was properly addressed only days ago.
According to the Chrome team's blog, CVE-2022-2856 was described as a high-severity issue because of "Insufficient validation of untrusted input in Intents".
For those not in the know, an Intent is a developer concept: a request for an action (like starting an activity or a service) from an app component.
According to BleepingComputer, one such use of Intents is to launch applications or web services directly from a web page.
Combine that with bad input validation, and a skilled bad actor can exploit these gaps to do bad things (for example, SQL injection without your knowledge) via an outdated Google Chrome browser.
It's a big deal because Google stated that the exploit for such a vulnerability "exists in the wild", which is developer-speak for "naughty people are exploiting it already".
Two such examples were Operation Dream Job and Operation AppleJeus, where North Korean hackers exploited a (now defunct) Chrome vulnerability to target fintech, crypto, news media, and IT companies.
Typically, the exact details of a vulnerability won't be revealed until a sufficient number of users have patched it, to prevent further exploitation.
As far as we know, it was spotted by the Google Threat Analysis Group in mid-July 2022.
Updating your Google Chrome
So, here's a quick guide on getting your Google Chrome browser up to date, assuming that your desktop browser hasn't updated automatically and you need to get it done ASAP.
The updated versions that address the vulnerability are 104.0.5112.101 for Mac and Linux, and 104.0.5112.102 for Windows.
There's no news yet for the mobile app versions, but on Android and iOS it's a matter of updating the app via the respective app store anyway.
- Start up your Google Chrome browser
- Look for the three-dot menu at the top right of the browser's window
- Select Help, and go to About Google Chrome
- If an update is available, you can click on the Update Google Chrome button to trigger it manually
- After updating, restart your browser (either by pressing the restart browser button or exiting Google Chrome completely and firing it up again).
If you have automatic updates enabled, the three-dot menu will appear in either green, orange, or red, to indicate that an update has been installed and requires a browser restart.
If the latest version offered to you isn't one of the above, don't panic because Google is still rolling out the version "in coming weeks". You can try again at a later time.
This article was first published in HardwareZone.