1 min read

Google Patches New, Actively Exploited Chrome 0-Day Vulnerability

Vlad CONSTANTINESCU

February 15, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google Patches New, Actively Exploited Chrome 0-Day Vulnerability

Google yesterday rolled out a series of patches for 11 Chrome web browser security flaws, including a critical vulnerability actively leveraged in real-world attacks. The high-severity flaw is reportedly the first zero-day vulnerability patched by the company in 2022.

“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” according to a Google stable channel update announcement.

The flaw, tracked as CVE-2022-0609 and currently reserved, is a ­Use After Free Animation component vulnerability that could let attackers corrupt valid data and execute arbitrary code on compromised systems.

Google's Threat Analysis Group’s (TAG’s) Adam Weidemann, and Clément Lecigne were credited with identifying and reporting the high-severity vulnerability.

Google’s update rollout addresses four other Use After Free security flaws in File Manager, CPU, Angle, and Webstore API, a Heap buffer overflow impacting Tab Groups, an Integer overflow vulnerability in Mojo, and a medium-severity flaw concerning an inappropriate implementation in Gamepad API.

Threat actors exploit Use After Free vulnerabilities by referencing memory after it has been freed, leading to program crashes or arbitrary code executions, or returning unexpected values.

The company released the stable channel 98.0.4758.102 update for Windows, Mac and Linux users and said it would roll it out in the next few days or weeks. The extended stable channel has also received the 98.0.4758.102 update and is expected to roll out shortly.

The update carries 11 patches for security flaws, including eight contributed by external researchers.

Windows, Mac and Linux Chrome users should prioritize updating to the latest stable version 98.0.4758.102 to counter cyberattacks that could leverage unpatched vulnerabilities. Although Chrome usually receives updates automatically, it’s wise to check if you’re running the latest version by accessing About Google Chrome in the Help section of the browser’s main menu.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison
Vlad CONSTANTINESCU

December 05, 2022

1 min read
Hive Social Taken Offline as ‘Critical Vulnerabilities’ Could Expose Private Messages, Other Data Hive Social Taken Offline as ‘Critical Vulnerabilities’ Could Expose Private Messages, Other Data
Filip TRUȚĂ

December 05, 2022

1 min read
Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info
Alina BÎZGĂ

December 02, 2022

2 min read