Google has patched an insufficient input validation flaw along with 11 other security vulnerabilities. The flaw allows for arbitrary code execution and is currently under active attack, according to Google. This marks the fifth zero-day vulnerability discovered and subsequently patched in Chrome this year. The patch was released on Wednesday of this week in a stable channel update. The bug is tracked as CVE-2022-2856 and is rated high severity on the Common Vulnerability Scoring System.
Google posted an advisory addressing the security bug around the time it was patched. The advisory confirms that the flaw is associated with insufficient validation of input. Google has credited security researchers working for its Threat Analysis Group with finding and reporting the zero-day bug. The vulnerability could lead to arbitrary code execution, says Google. Insufficient validation flaws are associated with a failure of the technique used to check potentially dangerous inputs. The flaw means that an attacker could craft the input in an unexpected form, which will lead to altered control flow, arbitrary control of a resource, or arbitrary code execution, says Google.