A new Google Chrome zero-day vulnerability is being actively exploited
- February 15, 2022
Chrome 98.0.4758.102 for Windows, Mac, and Linux has been published to address a high-severity zero-day flaw exploited by malicious attackers in attacks. “Google is aware of claims that an exploit for CVE-2022–0609 exists in the wild,” the company stated in a security advisory published yesterday.
The Chrome upgrade will be available in the coming weeks, according to Google. However, by going to the Chrome menu > Help > About Google Chrome, you can quickly apply the update. When you close and restart Google Chrome, the browser will automatically check for new updates and install them.
The CVE-2022–0609 zero-day problem, which was resolved yesterday, is characterized as a “Use after free in Animation” and has been assigned a High risk score. Clément Lecigne, a member of Google’s Threat Analysis Group, found this bug.
Attackers frequently take advantage of use after free bugs to launch arbitrary code on devices that run unpatched Chrome versions or to bypass the browser’s security environment. Although Google stated that it had identified attacks leveraging this zero-day flaw, it did not provide any additional information or technical details on the flaw.
“Until a majority of users have been updated with a patch, access to bug details and links may be restricted,” Google added. Aside from the zero-day, this Google Chrome version patched seven other security flaws, all but one of which were rated as ‘High’ severity.
Google has solved the first Chrome zero-day since the start of 2022 with this release. However, given that there were a total of 16 zero-days patched in 2021, we may expect many more to be revealed as the year progresses. Because cybercriminals have been known to use this zero-day in the public, it is strongly advised that everyone install recent Google Chrome update as soon as possible.