Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux to fix a high-severity zero-day vulnerability that threat actors are exploiting in attacks. “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” Google said in a security advisory.
Google Chrome’s New Update Patches the Zero-Day Vulnerability
Google states that the Chrome update will roll out in the coming weeks. However, you can install the update immediately by going to the Chrome menu > Help > About Google Chrome. Google Chrome will also automatically check for new updates and install them the next time you close and relaunch the browser.
The zero-day vulnerability fixed today, tracked as CVE-2022-0609, is described as a “Use after free in Animation” and was assigned a High severity level. It was discovered by Clément Lecigne of Google’s Threat Analysis Group. Attackers generally exploit use-after-free bugs to run arbitrary code on computers running unpatched Chrome versions or to escape the browser’s security sandbox.
While Google said it has witnessed attacks exploiting this zero-day vulnerability, it did not share any additional information about these incidents or technical details about the vulnerability. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.
The New Update Will Also Fix Other Security Vulnerabilities
In addition to the zero-day vulnerability, this Google Chrome update fixes seven other security vulnerabilities, all but one categorized as ‘High’ severity. With this update, Google has addressed the first Chrome zero-day since the start of 2022. However, we will probably see many more disclosed as the year goes on, as there were a total of 16 zero-days patched in 2021. Because this zero-day is known to have been exploited by attackers in the wild, it is strongly recommended that everyone install today’s Google Chrome update as soon as possible.
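For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not from Google or the original article) classifies a software inventory against the fixed build 98.0.4758.102. The "host,version" input format, the host names and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed build named in the article (Windows, Mac, and Linux).
PATCHED = (98, 0, 4758, 102)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints for 'MAJOR.MINOR.BUILD.PATCH', or None."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory_lines, patched=PATCHED):
    """Classify each 'host,version' line as patched, vulnerable or unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        host, _, raw = line.partition(",")
        version = parse_version(raw)
        if version is None:
            # Unreadable version: treat as unverified, not as safe.
            report["unknown"].append(host.strip())
        elif version >= patched:
            # Integer tuples compare numerically. As plain strings,
            # "98.0.4758.80" sorts after "98.0.4758.102" and would
            # wrongly pass as patched.
            report["patched"].append(host.strip())
        else:
            report["vulnerable"].append(host.strip())
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    "# host,chrome_version",
    "ws-001,98.0.4758.102",
    "ws-002,98.0.4758.80",
    "ws-003,97.0.4692.99",
    "ws-004,99.0.4844.51",
    "ws-005,unknown",
    "ws-006,",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be followed up manually, since a missing or malformed version string says nothing about whether the fix is installed.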
Source: Bleeping Computer