Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux to address a high-severity zero-day vulnerability that threat actors have used in attacks. “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the company said in its latest security advisory.
Google says the Chrome update will roll out in the coming weeks. However, it is possible to install the update immediately by going to the Chrome menu > Help > About Google Chrome. When you close and reopen Google Chrome, the browser will also automatically check for new updates and install them.
The newly fixed zero-day, CVE-2022-0609, is described as a “Use after free in Animation” and has been assigned a ‘High’ severity rating. Clément Lecigne of Google’s Threat Analysis Group discovered the vulnerability. Attackers frequently leverage use-after-free flaws to run arbitrary code or bypass the browser’s security sandbox on PCs running unpatched Chrome versions.
While Google stated that it had identified attacks leveraging this zero-day vulnerability, it did not provide more information or technical specifics on the flaw. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.
Aside from the zero-day, this Google Chrome version patches seven additional security flaws, all but one of which were rated as ‘High’ severity. With this release, Google has fixed the first Chrome zero-day since the start of 2022. Since there were 16 zero-days patched in 2021, many more will likely be disclosed as the year progresses. As attackers have been known to exploit this zero-day in the wild, it is strongly advised that everyone install the newest Google Chrome update as soon as possible.
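For administrators acting on that advice across many machines, the following added example (not code from Google or its advisory) sorts hosts by whether their reported Chrome build is older than 98.0.4758.102. The function names and the tab-separated inventory format are assumptions, and the sample hosts and versions are constructed.

```python
import re

# Fixed build named in the article; anything older is treated as unpatched.
PATCHED = (98, 0, 4758, 102)

# Four dot-separated integers, as in "Google Chrome 98.0.4758.102".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(text, patched=PATCHED):
    """True if older than patched, False if not, None if no version was found."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "98.0.4758.80" above "98.0.4758.102".
    return version < patched


def triage(inventory_lines):
    """Sort 'host<TAB>version string' lines into outdated/current/unknown."""
    result = {"outdated": [], "current": [], "unknown": []}
    for line in inventory_lines:
        host, _, reported = line.partition("\t")
        verdict = needs_update(reported)
        key = "unknown" if verdict is None else ("outdated" if verdict else "current")
        result[key].append(host.strip())
    return result


# Constructed sample inventory (hypothetical hostnames, illustrative versions).
SAMPLE_INVENTORY = [
    "ws-001\tGoogle Chrome 98.0.4758.102",
    "ws-002\tGoogle Chrome 98.0.4758.80",
    "ws-003\tGoogle Chrome 97.0.4692.99",
    "ws-004\tGoogle Chrome 99.0.4844.51",
    "ws-005\tnot installed",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` should be checked by hand rather than assumed patched.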