Google released 11 security updates for its Chrome browser on Monday, including a fix for a high-severity zero-day flaw that attackers are actively exploiting in the wild.
In a brief update, Google described the flaw, tracked as CVE-2022-0609, as a use-after-free in Chrome’s Animation component. This type of flaw can cause a wide range of problems, from corruption of valid data to the execution of arbitrary code on affected systems. These kinds of security vulnerabilities can be used to bypass the browser’s security sandbox.
The security update states: “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.”
Mitigation
Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux to fix the Animation issue, as well as ten other security issues. The update will roll out over the coming days or weeks.
Chrome users who do not want to wait for the rollout can apply the fix right away by navigating to the Chrome menu > Help > About Google Chrome.
Additional Info
Adam Weidemann and Clément Lecigne, both from Google’s Threat Analysis Group (TAG), are credited for the Animation zero-day.
Four other high-severity use-after-free flaws, in Chrome’s Webstore API, File Manager, ANGLE, and GPU, were also patched in Monday’s update. Google also resolved a high-severity integer overflow in Mojo and a high-severity heap buffer overflow in Tab Groups. Finally, Google fixed a medium-severity inappropriate implementation issue in the Gamepad API.