Google on Monday rolled out fixes for eight security issues in
the Chrome web browser, including a high-severity vulnerability
that’s being actively exploited in real-world attacks, marking the
first zero-day patched by the internet giant in 2022.
The shortcoming, tracked CVE-2022-0609, is
described as a use-after-free[1]
vulnerability in the Animation component that, if successfully
exploited, could lead to corruption of valid data and the execution
of arbitrary code on affected systems.
“Google is aware of reports that an exploit for
CVE-2022-0609 exists in the wild,” the company said[2]
in a characteristically brief statement acknowledging active
exploitation of the flaw. Credited with discovering and reporting
the flaw are Adam Weidemann and Clément Lecigne of Google’s Threat
Analysis Group (TAG).
Also addressed by Google four other use-after-free flaws
impacting File Manager, File Manager, ANGLE[3], and GPU, a heap buffer
overflow bug in Tab Groups, an integer overflow in Mojo, and an
issue with inappropriate implementation in Gamepad API.
Google Chrome users are highly recommended to update to the
latest version 98.0.4758.102 for Windows, Mac, and Linux to
mitigate any potential threats. It’s worth noting that Google had
addressed 17 zero-day flaws[4]
in Chrome in 2021.
References
- ^
use-after-free
(cwe.mitre.org) - ^
said
(chromereleases.googleblog.com) - ^
ANGLE
(en.wikipedia.org) - ^
17
zero-day flaws (thehackernews.com)
Read more https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html