Google Patches Actively Exploited Chrome Zero-Day Vulnerability

pcmag.com:

The latest version of Google Chrome patches an actively exploited zero-day vulnerability.

"Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild," the company says, referring to what it describes as a "use after free in Animation" flaw that was reported by Adam Weidemann and Clément Lecigne of Google's own Threat Analysis Group.

Google says it also patched seven other vulnerabilities (and a trio of undisclosed security flaws) with this version of Chrome (98.0.4758.102). Most of those vulnerabilities—including CVE-2022-0609—received a High rating on the company's severity scale. One received a Medium rating.

BleepingComputer notes that this is the first zero-day vulnerability in Chrome that Google has patched so far this year. It probably won't be the last, though, considering the browser's popularity. The company fixed 16 similar vulnerabilities throughout 2021.

Google says that Chrome version 98.0.4758.102 is rolling out now for Windows, Mac, and Linux on both the Stable and Extended Stable release channels; the update should reach all devices "over the coming days/weeks." Chrome users can—and should— also update manually.

Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Your subscription has been confirmed. Keep an eye on your inbox!