CVE-2022-2856
Published on: Not Yet Published
Last Modified on: 10/27/2022 07:01:00 PM UTC
Certain versions of Fedora from Fedoraproject contain the following vulnerability:
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
- CVE-2022-2856 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity. - Affected Vendor/Software: Google - Chrome version < 104.0.5112.101
CVSS3 Score: 6.5 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | REQUIRED |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | NONE | HIGH | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Chrome Releases: Stable Channel Update for Desktop | chromereleases.googleblog.com text/html |
MISC chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html |
| [SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2022-3f28aa88cf |
| 1345630 - chromium - An open-source project to help move the web forward. - Monorail | crbug.com text/html |
MISC crbug.com/1345630 |
Related QID Numbers
- 180946 Debian Security Update for chromium (DSA 5212-1)
- 283172 Fedora Security Update for chromium (FEDORA-2022-3ca063941b)
- 283173 Fedora Security Update for chromium (FEDORA-2022-b49c9bc07a)
- 376828 Google Chrome Prior to 104.0.5112.101 Multiple Vulnerabilities
- 376829 Microsoft Edge Based on Chromium Prior to 104.0.1293.60 Multiple Vulnerabilities
- 690923 Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (f12368a8-1e05-11ed-a1ef-3065ec8fd3ec)
- 710606 Gentoo Linux Chromium, Google Chrome, Microsoft Edge Multiple Vulnerabilities (GLSA 202208-35)
- 752520 OpenSUSE Security Update for opera (openSUSE-SU-2022:10108-1)
- 752521 OpenSUSE Security Update for opera (openSUSE-SU-2022:10109-1)
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Android | - | All | All | All | |
| Application | Chrome | All | All | All | All |
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*:
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*:
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @revskills |
Google is aware that an exploit for CVE-2022-2856 exists in the wild. chromereleases.googleblog.com/2022/08/stable… | 2022-08-16 21:19:35 |
| @inthewildio |
CVE-2022-2856 is getting exploited #inthewild. Find out more at inthewild.io/vuln/CVE-2022-… | 2022-08-16 22:03:53 |
| @ohhara_shiojiri |
こっちは既にPoC有りか > "Google is aware that an exploit for CVE-2022-2856 exists in the wild." | 2022-08-17 00:05:57 |
| @the_yellow_fall |
Chrome releases security update to fix 0-day CVE-2022-2856 vulnerability securityonline.info/chrome-release… #opensource #infosec #security #pentesting | 2022-08-17 01:29:42 |
| @AcooEdi |
Chrome releases security update to fix 0-day CVE-2022-2856 vulnerability dlvr.it/SWlnGZ via securityonline | 2022-08-17 01:33:02 |
| @Dinosn |
Chrome releases security update to fix 0-day CVE-2022-2856 vulnerability securityonline.info/chrome-release… | 2022-08-17 05:04:40 |
| @d34dr4bbit |
Chrome releases security update to fix 0-day CVE-2022-2856 vulnerability aeternusmalus.wordpress.com/2022/08/17/chr… | 2022-08-17 11:12:14 |
| @TreyClark3rd |
@Google is rolling out patches for #Chrome to contain a #zeroday flaw tracked as CVE-2022-2856. Patch away.… twitter.com/i/web/status/1… | 2022-08-17 12:14:12 |
| @moton |
Chrome releases security update to fix 0-day CVE-2022-2856 vulnerability - securityonline.info/chrome-release… | 2022-08-17 12:25:03 |
| @autumn_good_35 |
『Google is aware that an exploit for CVE-2022-2856 exists in the wild.』 Chrome Releases: Stable Channel Update for… twitter.com/i/web/status/1… | 2022-08-17 12:51:19 |
| @ryanaraine |
New Chrome 0day "Google is aware that an exploit for CVE-2022-2856 exists in the wild." Story securityweek.com/google-patches… | 2022-08-17 13:13:15 |
| @DennisF |
One of these flaws (CVE-2022-2856) was discovered by @google's Threat Analysis Group, and there's an exploit availa… twitter.com/i/web/status/1… | 2022-08-17 13:28:57 |
| @kr_simon_choi |
Google is aware that an exploit for CVE-2022-2856 exists in the wild. | 2022-08-17 13:44:33 |
| @MrsYisWhy |
SecurityWeek: RT @ryanaraine: New Chrome 0day "Google is aware that an exploit for CVE-2022-2856 exists in the wil… twitter.com/i/web/status/1… | 2022-08-17 14:54:38 |
| @DigitalGuardian |
Heads up: Time to update Chrome if you haven't yet to fix a new zero day: CVE-2022-2856: buff.ly/3dqY4Qq https://t.co/sIgXe5bv2q | 2022-08-17 15:54:01 |
| @ipssignatures |
The vuln CVE-2022-2856 has a tweet created 0 days ago and retweeted 36 times. twitter.com/ryanaraine/sta… #pow1rtrtwwcve | 2022-08-17 16:06:00 |
| @ashl3y_shen |
The Chrome 0day (CVE-2022-2856) that me and @0xbadcafe1 found ITW is patched in the latest release. Update your Chr… twitter.com/i/web/status/1… | 2022-08-17 18:16:29 |
| @Har_sia |
CVE-2022-2856 har-sia.info/CVE-2022-2856.… #HarsiaInfo | 2022-08-17 18:23:02 |
| @AquiaSolutions |
Google Chrome Zero-Day Found Exploited in the Wild: The high-severity security vulnerability (CVE-2022-2856) is due… twitter.com/i/web/status/1… | 2022-08-17 19:17:06 |
| @cipherstorm |
Google Chrome Zero-Day Found Exploited in the Wild: The high-severity security vulnerability (CVE-2022-2856) is due… twitter.com/i/web/status/1… | 2022-08-17 19:17:11 |
| @shah_sheikh |
Google Chrome Zero-Day Found Exploited in the Wild: The high-severity security vulnerability (CVE-2022-2856) is due… twitter.com/i/web/status/1… | 2022-08-17 19:22:36 |
| @SpywareSpeaks |
Google Chrome Zero-Day Found Exploited in the Wild. The high-severity security vulnerability (CVE-2022-2856) is due… twitter.com/i/web/status/1… | 2022-08-17 19:46:04 |
| @dekogen3057 |
@Slickjilly After you update your Chrome browser type this in to Google and you'll find the info you're looking for: CVE-2022-2856 | 2022-08-17 20:17:11 |
| @wdormann |
CVE-2022-2856 found exploited in the wild as an 0day in Google Chrome. twitter.com/DarkReading/st… | 2022-08-17 20:25:09 |
| @PatrizioBytes |
Microsoft Edge released 104.0.1293.60 Stable Channel for Android platform with CVE-2022-2856. We are aware that thi… twitter.com/i/web/status/1… | 2022-08-17 20:42:31 |
| @ipssignatures |
The vuln CVE-2022-2856 has a tweet created 0 days ago and retweeted 20 times. twitter.com/ashl3y_shen/st… #pow1rtrtwwcve | 2022-08-17 22:06:00 |
| @maddiestone |
3 in-the-wild 0-days patched in the last two days: * CVE-2022-2856 in Chrome discovered by @ashl3y_shen &… twitter.com/i/web/status/1… | 2022-08-17 23:31:16 |
| @jingbay |
Googleがあちらの水曜(今日)にChromeで実際に攻撃に利用されている脆弱性を発見したとして修正をリリース。CVE-2022-2856はIntentに対する入力のvalidationが不十分であったというもの。現在、これ以上… twitter.com/i/web/status/1… | 2022-08-17 23:39:04 |
| @tayvano_ |
2022's 5th in-the wild Chrome zero-day is here. CVE-2022-2856: Insufficient validation of untrusted input in Inten… twitter.com/i/web/status/1… | 2022-08-18 00:41:06 |
| @avoidthehack |
Update @Chrome now to patch actively exploited zero-day CVE-2022-2856 - affects Chrome/Chromium passing data to ot… twitter.com/i/web/status/1… | 2022-08-18 00:44:56 |
| @ChainCatcher_ |
?资讯 @googlechrome浏览器发布版本更新,以修复新的零时差漏洞,该漏洞代号为CVE-2022-2856,是由于浏览器未「充分验证不受信任的输入」。 Web3钱包安全机构@wallet_guard表示,所有使用Chr… twitter.com/i/web/status/1… | 2022-08-18 02:02:01 |
| @ipssignatures |
The vuln CVE-2022-2856 has a tweet created 0 days ago and retweeted 12 times. twitter.com/maddiestone/st… #pow1rtrtwwcve | 2022-08-18 02:06:00 |
| @_therealmark_ |
Update Chrome now to patch actively exploited zero-day CVE-2022-2856 is a fix for "insufficient validation of unt… twitter.com/i/web/status/1… | 2022-08-18 03:01:01 |
| @Shaweeen |
Chrome 浏览器发布 104.0.5112.101(Mac 和 Linux)和 104.0.5112.102(Windows)版本更新,以修复新的零日漏洞,该漏洞代号为 CVE-2022-2856,是由于浏览器未「充分验证不受… twitter.com/i/web/status/1… | 2022-08-18 03:05:05 |
| @BitCheckerCN |
#币圈安全 #Chrome浏览器 发布104.0.5112.101(Mac 和 Linux)和 104.0.5112.102(Windows)版本更新,以修复新的零时差漏洞,该漏洞代号为 CVE-2022-2856,是由于浏览器… twitter.com/i/web/status/1… | 2022-08-18 03:05:06 |
| @TechTalkThai |
Google แพตช์อุดช่องโหว่ Zero-day ให้ Chrome techtalkthai.com/google-fixed-z… | 2022-08-18 04:29:42 |
| @lucasxtwt |
Google แพตช์อุดช่องโหว่ Zero-day ให้ Chrome techtalkthai.com/google-fixed-z… | 2022-08-18 04:50:23 |
| @IM_23pds |
3 in-the-wild 0-days patched in the last two days: * CVE-2022-2856 in Chrome discovered by @ashl3y_shen&… twitter.com/i/web/status/1… | 2022-08-18 05:57:13 |
| @happygeek |
Here we go again, by me @Forbes: Google confirms 0day #5 of 2022 as the CVE-2022-2856 attacks begin. Here's what w… twitter.com/i/web/status/1… | 2022-08-18 07:23:25 |
| @ForenzyN |
Zero-day vulnerability in #Google Chrome High-severity vulnerability in Google Chrome tracked as CVE-2022-2856, is… twitter.com/i/web/status/1… | 2022-08-18 07:33:54 |
| @ohmohm |
Google แพตช์อุดช่องโหว่ Zero-day ให้ Chrome techtalkthai.com/google-fixed-z… . | 2022-08-18 07:34:57 |
| @MachinaRecord |
?アップルがmacOSおよびiOSの新たなゼロデイにパッチ(CVE-2022-32894他) ?Google、実際に悪用されるChromeのゼロデイへのパッチをリリース(CVE-2022-2856他) ⚠️CPUの脆弱性ÆPI… twitter.com/i/web/status/1… | 2022-08-18 08:16:09 |
| @helpnetsecurity |
Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893) - helpnetsecurity.com/2022/08/18/cve… -… twitter.com/i/web/status/1… | 2022-08-18 09:56:56 |
| @blu3cloak |
Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893) helpnetsecurity.com/2022/08/18/cve… | 2022-08-18 10:51:08 |
| @tony_cleal |
helpnetsecurity.com/2022/08/18/cve… | 2022-08-18 10:53:59 |
| @netsecu |
helpnetsecurity.com/2022/08/18/cve… Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893) #cybersecurity | 2022-08-18 10:55:05 |
| @OSINT_info |
helpnetsecurity.com/2022/08/18/cve… Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893) #cybersecurity | 2022-08-18 11:04:40 |
| @ruinabadguysday |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/ruinabadguysda… | 2022-08-18 11:12:17 |
| @afterdawnfi |
Google paikkasi Chrome-selaimen nollapäivähaavoittuvuuden - päivitä selain fin.afterdawn.com/uutiset/artikk… | 2022-08-18 11:40:03 |
| @Alexsander71 |
CVE-2022-2856, the issue is a case of insufficient validation of untrusted input in Intents. The tech giant has ref… twitter.com/i/web/status/1… | 2022-08-18 11:46:02 |
| @SecurityNewsbot |
#Apple fixes exploited zero-days: #Update your devices! (CVE-2022-32894, CVE-2022-32893) helpnetsecurity.com/2022/08/18/cve… #HelpNetSecurity | 2022-08-18 13:30:12 |
| @qualys |
#Qualys Threat Protection - Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)… twitter.com/i/web/status/1… | 2022-08-18 14:30:09 |
| @Har_sia |
CVE-2022-2856 har-sia.info/CVE-2022-2856.… #HarsiaInfo | 2022-08-18 15:02:16 |
| @hosselot |
Google Chrome (In-The-Wild) Zero day (CVE-2022-2856) fix. If an intent contains any extras or a data URI and it tar… twitter.com/i/web/status/1… | 2022-08-18 15:06:37 |
| @sofarinimout |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/v/19037?s=tnp | 2022-08-18 15:23:00 |
| @crypto_crew |
Fellow @Crypto_Crew members, due to security reasons (zero-day exploit CVE-2022-2856) we'd like to advice you to up… twitter.com/i/web/status/1… | 2022-08-18 15:43:00 |
| @antivirusfrance |
Vulnérabilité dans #Microsoft #Edge CVE-2022-2856 – 104.0.1293.60, #Apple antivirus-france.com/vulnerabilite-… | 2022-08-18 16:53:52 |
| @AZILINONS |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:46 |
| @abiodunfawole |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:47 |
| @Autoloansforeve |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:47 |
| @VexDoesRE |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:48 |
| @Sixto_Torres |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:48 |
| @crossmediapubli |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:48 |
| @iamtokstesla |
Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:49 |
| @gvertlieb |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:49 |
| @digitalNFTarts |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:49 |
| @FundRaphael |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:50 |
| @aleubdecap |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:50 |
| @jmattos2001 |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:51 |
| @HRTechOnline |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:51 |
| @paramountnashik |
Top story by PARENTNashik Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…… twitter.com/i/web/status/1… | 2022-08-18 17:28:51 |
| @icjr |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:52 |
| @GenerousFeed |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:52 |
| @dcgalex |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:53 |
| @CarsForNoCredit |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:53 |
| @HRTechMagazine |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:54 |
| @robertopuyo |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:55 |
| @derblauweisse |
Forbes NEWTop story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see… twitter.com/i/web/status/1… | 2022-08-18 17:28:55 |
| @PabloALondono |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:55 |
| @vkchaudhary19 |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/media/forbes/a… | 2022-08-18 17:28:56 |
| @WorkMoneyFun |
Top story: Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin forbes.com/sites/daveywin…, see more tweetedtimes.com/v/23143?s=tnp | 2022-08-18 17:33:13 |
| @Har_sia |
CVE-2022-2856 har-sia.info/CVE-2022-2856.… #HarsiaInfo | 2022-08-18 18:24:03 |
 /r/k12cybersecurity |
MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution | 2022-08-17 12:45:09 |
| /r/Hacks_And_Exploits |
Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw | 2022-11-28 09:06:38 |
| /r/Tech_Hackers_And_More |
Ninth Actively Exploited Chrome Zero-day Spotted in the Wild | 2022-12-07 12:50:46 |