CVE-2022-2856

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 104.0.5112.101 Microsoft Edge (affected versions not specified)

Description The issue is related to insufficient validation of untrusted input in Intents, allowing a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. This can lead to the execution of arbitrary code. The vulnerability has been exploited in the wild, with reports of its use in targeted attacks. Google has updated Chrome to version 104, which fixes this vulnerability along with 10 others. The new version of Android, Android 13, has also introduced security features that limit the capabilities of mobile malware, but researchers have already found ways to bypass these restrictions.

Recommendations For Google Chrome versions prior to 104.0.5112.101, update to version 104.0.5112.101 or later to fix the vulnerability. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.