This vulnerability is highly relevant to almost all internet users, especially cryptocurrency investors. Zero-day vulnerabilities are identified by highly skilled attackers and can be exploited significantly until detected. The Singapore Cyber Security Agency also warns about this issue.
Google Chrome Vulnerability
Systems have had vulnerabilities for years and will continue to do so. The Singapore Computer Emergency Response Team (SingCERT) announced a significant vulnerability threatening Google Chrome users on Thursday, August 18. Google does not provide details about a zero-day vulnerability until it is patched to prevent more attackers from discovering it.
This security flaw, named CVE-2022-2856 by Google, shows what dangers might await you in the future. Therefore, you should always be skeptical and cautious about the websites you visit and the links sent to you, especially from social media.
These vulnerabilities, often not detected during an attack by security software, take full advantage of being undefined as they have not yet been identified.
What is CVE-2022-2856?
This vulnerability is related to a function called “Intents” that processes user input in the browser. According to Joanne Wong, this function is used to automatically launch applications and transfer data to applications.
“It is crucial to validate such user inputs to ensure only correct data is entered into an information system and to prevent bad data from becoming persistent in the database and triggering a malfunction.”
Attackers can use this to sabotage the application and execute their malicious code when user input is not correctly validated. Wong mentioned that arbitrary code execution has been used in the past to steal data, carry out extortion plans, and even expose private text messages and call history.
“Additionally, some of the most severe errors allow an attacker to execute malicious code in the context of the user. The severity of the attack depends on the privileges associated with the user—whether they have the authority to install new programs, view, modify, or delete data, or create new user accounts.”
Google announced that this vulnerability has been patched, and a detailed report will be shared after 90 days. This year, Google has patched four different zero-day vulnerabilities, so it seems beneficial for investors to stay vigilant.