Intent “adds complexity” but “automatically handles the case of the mobile app not being installed” within links, according to the post. “Instead of assigning window.location or an iframe.src to the URI scheme, in Chrome, developers need to use their intent string as defined in this document,” the company explained on its website. Intents are a deep linking feature on the Android device within the Chrome browser that replaced URI schemes, which previously handled this process, according to Branch, a company that offers various linking options for mobile applications. The advisory also unveiled 10 other patches for various other Chrome issues. Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19.
The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” according to the advisory posted by Google. Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.
0 kommentar(er)
