Jump to content
  • Google Chrome emergency update fixes zero-day exploited in attacks

    Karlston

    • 537 views
    • 3 minutes
     Share


    • 537 views
    • 3 minutes

    Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks.

     

    "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild," Google said in a security advisory released today.

     

    Google states that the Chrome update will roll out over the coming weeks. However, it is possible to install the update immediately simply by going into the Chrome menu > Help > About Google Chrome.

     

    The browser will also automatically check for new updates and install them the next time you close and relaunch Google Chrome.

     

    chrome-98.jpg

    Google Chrome 98 update

    Zero-day details not disclosed

    The zero-day bug fixed today, tracked as CVE-2022-0609, is described as a "Use after free in Animation" and was assigned a High severity level.

     

    This vulnerability was discovered by Clément Lecigne from Google's Threat Analysis Group.

     

    Attackers commonly exploit use after free bugs to execute arbitrary code on computers running unpatched Chrome versions or escape the browser's security sandbox.

     

    While Google said they have detected attacks exploiting this zero-day, it did not share any additional info regarding these incidents or technical details about the vulnerability.

     

    "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google added.

     

    In addition to the zero-day, this Google Chrome update fixed seven other security vulnerabilities, all but one classified as 'High' severity.

    First Chome zero-day fixed this year

    With this update, Google has addressed the first Chrome zero-day since the start of 2022.

     

    However, we will likely see many more disclosed as the year goes on as there were a total of 16 zero-days patched in 2021:

     

     

    Because this zero-day is known to have been used by attackers in the wild, is it strongly recommended that everyone install today's Google Chrome update as soon as possible.

     

     

    Google Chrome emergency update fixes zero-day exploited in attacks

     

    Frontpage:   Google Chrome 98.0.4758.102

    • Like 1
    • Thanks 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...