In order to fix a high-severity zero-day vulnerability used by threat actors in attacks, Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux.
In a security advisory released today, Google said, “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.“
The Chrome update will be released in the coming weeks, according to Google. However, by going to the Chrome menu > Help > About Google Chrome, you can install the update right away.
When you close and reopen Google Chrome, the browser will check for new updates and install them automatically.
Details about the zero-day have not been made public
CVE-2022-0609, the zero-day bug that was fixed today, is a “Use after free in Animation” bug with a high severity level.
Clément Lecigne, a member of Google’s Threat Analysis Group, discovered this flaw.
On computers running unpatched Chrome versions, attackers frequently exploit use after free bugs to execute arbitrary code or bypass the browser’s security sandbox.
While Google claimed to have detected zero-day attacks, it did not provide any additional information about the incidents or the vulnerability’s technical details.
“Until a majority of users are updated with a fix, access to bug details and links may be restricted,” Google added.
There were a total of 16 zero-days patched in 2021, so we’ll probably see many more as the year progresses:
- CVE-2021-21148 – February 4th
- CVE-2021-21166 – March 2nd
- CVE-2021-21193 – March 12th
- CVE-2021-21220 – April 13th
- CVE-2021-21224 – April 20th
- CVE-2021-30551 – June 9th
- CVE-2021-30554 – June 17th
- CVE-2021-30563 – July 15th
- CVE-2021-30632 and CVE-2021-30633 – September 13th
- CVE-2021-37973 – September 24th
- CVE-2021-37976 and CVE-2021-37975 – September 30th
- CVE-2021-38000 and CVE-2021-38003 – October 28th
- CVE-2021-4102 – December 13th
It is strongly recommended that everyone install today’s Google Chrome update as soon as possible because this zero-day has been used by attackers in the wild.