Scroll Top
19th Ave New York, NY 95822, USA
+1 916-875-223-5968
Join Now

Google Chrome: Emergency update for zero-day bug exploited in attacks

chrome
February 15, 2022

Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks.

“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” Google said in a security advisory released today.

Google states that the Chrome update will roll out over the coming weeks. However, it is possible to install the update immediately simply by going into the Chrome menu > Help About Google Chrome.

The browser will also automatically check for new updates and install them the next time you close and relaunch Google Chrome.

Zero-day details not disclosed

The zero-day bug fixed today, tracked as CVE-2022-0609, is described as a “Use after free in Animation” and was assigned a High severity level.

This vulnerability was discovered by Clément Lecigne from Google’s Threat Analysis Group.

Attackers commonly exploit use after free bugs to execute arbitrary code on computers running unpatched Chrome versions or escape the browser’s security sandbox.

While Google said they have detected attacks exploiting this zero-day, it did not share any additional info regarding these incidents or technical details about the vulnerability.

zero-day

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.

In addition to the zero-day, this Google Chrome update fixed seven other security vulnerabilities, all but one classified as ‘High’ severity.

First Chome zero-day fixed this year

With this update, Google has addressed the first Chrome zero-day since the start of 2022.

However, we will likely see many more disclosed as the year goes on as there were a total of 16 zero-days patched in 2021:

  • CVE-2021-21148 – February 4th
  • CVE-2021-21166 – March 2nd
  • CVE-2021-21193 – March 12th
  • CVE-2021-21220 – April 13th
  • CVE-2021-21224 – April 20th
  • CVE-2021-30551 – June 9th
  • CVE-2021-30554 – June 17th
  • CVE-2021-30563 – July 15th
  • CVE-2021-30632 and CVE-2021-30633 – September 13th
  • CVE-2021-37973 – September 24th
  • CVE-2021-37976 and CVE-2021-37975 – September 30th
  • CVE-2021-38000 and CVE-2021-38003 – October 28th
  • CVE-2021-4102 – December 13th

Because this zero-day is known to have been used by attackers in the wild, is it strongly recommended that everyone install today’s Google Chrome update as soon as possible.

Source: Bleeping Computer

Related Posts

Predator spyware infected Android devices through zero-days

Google’s Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by…

23 May 2022
Spring4Shell attacks target about one in six vulnerable organizations worldwide

Roughly one out of six organizations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by…

06 Apr 2022
Apple fixes actively exploited iOS zero-day to older iPhones

Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that…

01 Sep 2022
Results About You: Google Will help you remove personal info from Search Results

Starting today, people in the U.S. will be able to use Google’s new “Results About You” feature, which aims to…

29 Sep 2022
Cybercriminals mostly targeted Google, Microsoft, Apple zero-day bugs in 2022

Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022,…

21 Mar 2023
Apple fixes zero-day bug used to hack MACS, iPhones, iPads

Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones,…

11 Feb 2022
Google Assistant warn you and help you change breached passwords

Last year, Google announced it would be introducing a feature in Chrome for Android that would allow Assistant to help you…

05 May 2022
Scammers sell Fake Microsoft Exchange ProxyNotShell exploits on GitHub

Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. Last week, Vietnamese…

04 Oct 2022
Google Pixel: An ‘Acropalypse’ flaw allowed recovery of redacted, cropped images

An ‘Acropalypse’ flaw in Google Pixel ‘s Markup tool made it possible to partially recover edited or redacted screenshots and…

21 Mar 2023
Windows zero-day bug giving admin rights, gets unofficial patch

A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now, allows users…

22 Mar 2022
Google: Emergency Chrome update to fix zero-day

Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day…

25 Nov 2022
Microsoft Exchange zero-day bugs exploited in attacks

Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers…

30 Sep 2022
Hackers abuse Google Ads to spread malware to users searching for popular software

Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products….

29 Dec 2022
Microsoft: October 2022 Patch Tuesday fixes 84 flaws

Today is Microsoft’s October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a…

12 Oct 2022
Microsoft patches Windows zero-day used for ransomware attacks

Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber…

15 Mar 2023