One such example was Operation Dream Job and Operation AppleJeus, where North Korean hackers exploited a (now defunct) Chrome vulnerability to target fintech, crypto, news media, and IT companies. It's a big deal because Google stated that the exploit for such a vulnerability "exists in the wild", which is developer-speak for "naughty people are exploiting it already". That's also not helped by bad input validation, so a skilled bad actor can exploit these gaps to do bad things (for example, SQL injection without your knowledge) via an outdated Google Chrome browser. By now, you should have seen or heard of CVE-2022-2856, an ambiguous, zero-day vulnerability in Google Chrome that was only properly addressed just days ago.Īccording to the Chrome team's blog, CVE-2022-2856 was described as a high-severity issue because of "Insufficient validation of untrusted input in Intents".įor those not in the know, Intents refer to a developer concept and procedure, where an Intent requests action (like starting an activity or services) from an app component.Īccording to BleepingComputer, one such use of Intents is to launch applications or web services directly from a web page.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |