External risk intelligence

Google Chrome Android: Malicious Website Browsing Risk

CVE advisory | Known Exploit

CVE-2022-2856

A vulnerability in Google Chrome on Android could allow attackers to redirect users to malicious websites. This impacts organizations by potentially exposing employees to phishing or malware. Affected systems include instances of Chrome on Android. The business risk involves credential theft or further malware infectio

Halo Surface Signal: 1

Google Chrome

before 104.0.5112.101; before 104.0.5112.102

External exposure likelihood

Halo Surface Signal score for CVE-2022-2856

This vulnerability exists within the client-side browser application logic, specifically regarding how the browser processes intents and navigates to websites. It is not an internet-facing service, appliance, or gateway, and it does not represent a reachable network attack surface in the context of infrastructure or server-side deployment.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability is present in the Google Chrome browser on Android. It allows attackers to direct users to malicious websites. The core issue stems from how the browser handles user input within its "Intents" feature.

  • Vulnerable browser feature
  • Input validation failure
  • Unauthorized website browsing

Attack Path

How an attacker could exploit the issue

A remote attacker can leverage insufficient validation of untrusted input within Google Chrome on Android. This occurs when an attacker crafts a malicious HTML page. By tricking a user into interacting with this page, the attacker can then force the user's browser to navigate to a malicious website.

  • Malicious HTML page exposure.
  • Attacker crafts HTML page.
  • User interaction triggers malicious website browsing.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to redirect users to malicious websites by leveraging insufficient input validation in browser intents. This could impact organizations by potentially leading to phishing attacks or the delivery of further malware to employee devices. Given the method of exploitation, organizations should consider addressing this vulnerability with a degree of urgency.

  • Attackers with basic skills could exploit.
  • Requires user interaction with a crafted page.
  • Potential for user redirection and phishing.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Google Chrome on Android, related to insufficient validation of untrusted input in Intents, could allow a remote attacker to direct users to malicious websites. The impact on affected organizations includes potential exposure of employees to phishing or other malicious content through crafted HTML pages. This could lead to credential theft or the download of further malware, increasing the overall business risk.

  • Identify affected Chrome instances.
  • Limit exposure to malicious sites.
  • Apply vendor updates and verify.
  • Monitor for related activity.
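
One way to carry out the "identify" and "verify" steps above, as an added example that is not part of the original advisory: classify Chrome for Android installs against the fixed version 104.0.5112.101 given on this page. It assumes the version text comes from `adb shell dumpsys package com.android.chrome` or an equivalent MDM export; the device names and sample outputs are constructed.

```python
import re

# Fixed version for Chrome on Android, as stated on this page.
FIXED = (104, 0, 5112, 101)

_VERSION_LINE = re.compile(r"^\s*versionName=(\S+)", re.MULTILINE)
_FOUR_PART = re.compile(r"\d+(?:\.\d+){3}")


def parse_version(text):
    """Turn '104.0.5112.97' into (104, 0, 5112, 97); None if malformed."""
    text = text.strip()
    if not _FOUR_PART.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def active_version(dumpsys_output):
    """Version of the Chrome package that actually runs on the device.

    When a preinstalled Chrome has been updated, dumpsys lists the factory
    copy again under 'Hidden system packages:'. Only the text before that
    marker describes the active install.
    """
    active_part = dumpsys_output.split("Hidden system packages:")[0]
    match = _VERSION_LINE.search(active_part)
    return parse_version(match.group(1)) if match else None


def classify(dumpsys_output):
    """Return 'vulnerable', 'patched' or 'unknown' for one device."""
    version = active_version(dumpsys_output)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component. Comparing the raw strings
    # would rank '104.0.5112.97' above '104.0.5112.101' and miss the device.
    return "vulnerable" if version < FIXED else "patched"


# Constructed sample outputs, trimmed to the lines that matter.
SAMPLES = {
    "device-a": "Packages:\n  Package [com.android.chrome]\n    versionName=104.0.5112.97\n",
    "device-b": ("Packages:\n  Package [com.android.chrome]\n    versionName=104.0.5112.101\n"
                 "Hidden system packages:\n  Package [com.android.chrome]\n"
                 "    versionName=100.0.4896.127\n"),
    "device-c": "Unable to find package: com.android.chrome\n",
}

if __name__ == "__main__":
    for device, output in SAMPLES.items():
        print(device, classify(output))
```

Devices reported as "unknown" need a manual check rather than being counted as patched.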

Frequently asked questions

What is CVE-2022-2856 in Google Chrome for Android?

CVE-2022-2856 is a vulnerability found in Google Chrome on Android versions prior to 104.0.5112.101. It involves insufficient validation of untrusted input within the 'Intents' feature of the browser.

What type of weakness does CVE-2022-2856 represent?

This vulnerability is classified as Improper Input Validation, which falls under the CWE-20 weakness category. This means the software does not correctly process or handle data received from external sources.

How can an attacker exploit CVE-2022-2856?

An attacker can exploit this flaw by creating a malicious HTML page. When a user interacts with this crafted page, the vulnerability allows the attacker to arbitrarily direct the user's browser to a malicious website.

What is the relevance of CVE-2022-2856, referencing Halo Surface Signal?

Halo Surface Signal indicates this vulnerability is 'Very unlikely' to be a direct threat to infrastructure as it resides within client-side browser logic. However, it allows attackers to redirect users to malicious sites, posing a risk of phishing or malware delivery to end-users.

What actions should be taken regarding CVE-2022-2856?

To address this vulnerability, organizations should identify affected Chrome instances on Android devices, limit user exposure to potentially malicious websites, and promptly apply vendor-provided updates for Google Chrome. Verifying the successful application of these updates is also crucial.
