Google has released Chrome 98.0.4758.102, which fixes a critical zero-day vulnerability that threat actors are actively exploiting.
This new version of Chrome (98.0.4758.102) has been released for all the major platforms:-
- Windows
- Mac
- Linux
Here’s what the security team of Google has stated:-
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild. And as usual, our ongoing internal security work was responsible for a wide range of fixes.”
Google Has Not Disclosed Zero-Day Details
The zero-day vulnerability fixed by Google is tracked as “CVE-2022-0609”; it is a “Use after free in Animation” flaw that is marked as critical by the security analyst, Clément Lecigne.
This zero-day flaw was initially detected and reported by Clément Lecigne, a cybersecurity researcher at Google's Threat Analysis Group.
Threat actors mainly abuse use-after-free flaws to perform the following two actions:-
- Execute arbitrary code on computers running a vulnerable version of Chrome.
- Escape the security sandbox of the browser.
Along with this zero-day bug, Google has also fixed seven other vulnerabilities; apart from “CVE-2022-0609,” six vulnerabilities were marked with a ‘High’ severity tag, and one was marked with the ‘Medium’ severity tag.
Here are the other seven vulnerabilities:-
- CVE-2022-0603 (High Severity)
- CVE-2022-0604 (High Severity)
- CVE-2022-0605 (High Severity)
- CVE-2022-0605 (High Severity)
- CVE-2022-0607 (High Severity)
- CVE-2022-0608 (High Severity)
- CVE-2022-0610 (Medium Severity)
First Chrome Zero-Day in 2022
“CVE-2022-0609” is the first Chrome zero-day vulnerability that Google has discovered and fixed in 2022. Earlier, in 2021, Google fixed 16 zero-day vulnerabilities, and here they are:-
- CVE-2021-21148 – 4th February 2021
- CVE-2021-21166 – 2nd March 2021
- CVE-2021-21193 – 12th March 2021
- CVE-2021-21220 – 13th April 2021
- CVE-2021-21224 – 20th April 2021
- CVE-2021-30551 – 9th June 2021
- CVE-2021-30554 – 17th June 2021
- CVE-2021-30563 – 15th July 2021
- CVE-2021-30632 – 13th September 2021
- CVE-2021-30633 – 13th September 2021
- CVE-2021-37973 – 24th September 2021
- CVE-2021-37976 – 30th September 2021
- CVE-2021-37975 – 30th September 2021
- CVE-2021-38000 – 28th October 2021
- CVE-2021-38003 – 28th October 2021
- CVE-2021-4102 – 13th December 2021
Recommendation
Since attackers have actively exploited this zero-day vulnerability, Google has strongly recommended that users update their Chrome immediately or else install the new version of Google Chrome.
If you want to update your Chrome, you can follow the simple steps below:-
- First of all, open your Chrome menu.
- Then select the Help option.
- After that, select About Google Chrome.
- That’s it; Chrome will now automatically start the update process.
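For checking many machines rather than one, the following is an added example (not from Google or the original article) that compares reported Chrome versions against the fixed build 98.0.4758.102. It assumes version strings in the form printed by `google-chrome --version`; the host names and inventory lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed build named in the article.
FIXED = (98, 0, 4758, 102)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Return 'ok', 'outdated' or 'unknown' for one reported version string.

    Parts are compared as integers. Comparing the raw strings would rank
    98.0.4758.80 above 98.0.4758.102 and hide an unpatched browser.
    """
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no version found; needs manual follow-up
    return "ok" if version >= fixed else "outdated"


def audit(inventory):
    """Map each status to a sorted list of hosts, given (host, version_text) pairs."""
    report = {"ok": [], "outdated": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 98.0.4758.102 "),
    ("ws-02", "Google Chrome 98.0.4758.80 "),
    ("ws-03", "Google Chrome 97.0.4692.99 "),
    ("ws-04", "Google Chrome 99.0.4844.51 "),
    ("ws-05", "chrome: command not found"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.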