Google yesterday rolled out a series of patches for 11 Chrome web browser security flaws, including a critical vulnerability actively leveraged in real-world attacks. The high-severity flaw is reportedly the first zero-day vulnerability patched by the company in 2022.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” according to a Google stable channel update announcement.
The flaw, tracked as CVE-2022-0609 and currently reserved, is a Use After Free vulnerability in the Animation component that could let attackers corrupt valid data and execute arbitrary code on compromised systems.
Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group (TAG) were credited with identifying and reporting the high-severity vulnerability.
Google’s update rollout addresses four other Use After Free security flaws in File Manager, CPU, Angle, and Webstore API, a Heap buffer overflow impacting Tab Groups, an Integer overflow vulnerability in Mojo, and a medium-severity flaw concerning an inappropriate implementation in Gamepad API.
Threat actors exploit Use After Free vulnerabilities by referencing memory after it has been freed, which can lead to program crashes, unexpected values being returned, or arbitrary code execution.
The company released the stable channel 98.0.4758.102 update for Windows, Mac and Linux users and said it would roll it out in the next few days or weeks. The extended stable channel has also received the 98.0.4758.102 update and is expected to roll out shortly.
The update carries 11 patches for security flaws, including eight contributed by external researchers.
Windows, Mac and Linux Chrome users should prioritize updating to the latest stable version 98.0.4758.102 to counter cyberattacks that could leverage unpatched vulnerabilities. Although Chrome usually receives updates automatically, it’s wise to check if you’re running the latest version by accessing About Google Chrome in the Help section of the browser’s main menu.
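For administrators who need to check more than one machine, the following added example (not part of the original article or of any Google tooling) classifies hosts by comparing reported Chrome versions against the fixed build 98.0.4758.102. The host names and inventory entries are constructed, and the version strings are assumed to follow the `google-chrome --version` output format; the comparison is numeric per component, because a plain string comparison would rank 98.0.4758.80 above 98.0.4758.102.

```python
import re

# Fixed stable build named in the article.
FIXED_VERSION = "98.0.4758.102"

# Chrome versions have four numeric components: MAJOR.MINOR.BUILD.PATCH.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version_text, fixed=FIXED_VERSION):
    """True if at or above the fixed build, False if older, None if unparseable."""
    found = parse_version(version_text)
    if found is None:
        return None
    # Tuples of ints compare component by component, so 102 > 80 as expected.
    return found >= parse_version(fixed)


def audit(inventory):
    """Group hosts into patched / outdated / unknown from {host: version output}."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, version_text in inventory.items():
        status = is_patched(version_text)
        key = "unknown" if status is None else ("patched" if status else "outdated")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and collected version output).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 98.0.4758.102",
    "ws-02": "Google Chrome 98.0.4758.80",
    "ws-03": "Google Chrome 97.0.4692.99",
    "ws-04": "Google Chrome 99.0.4844.51",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown returned no parseable version and need a manual check rather than being assumed patched.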