Chrome urgent zero-day flaw An exploit for a critical browser flaw has already been discovered in the wild.
If you’re a Chrome user and haven’t already, it’s time to upgrade your desktop browsers to fix a zero-day bug that hackers might exploit.
CVE-2022-0609 is a “use after free in Animation” vulnerability, according to a post on the Chrome blog from Google yesterday, and there are claims that a “exploit for CVE-2022-0609 exists in the wild.”
Google did not reveal who may have the vulnerability, whether they were using it or against whom, or how it worked. This vulnerability has been rated high severity, thus you must prepare as though an attack is currently in progress using it.
Chrome for Windows, macOS, and Linux has been updated to version 98.0.4758.102 as of yesterday’s update. Mobile Chrome applications are updated independently.
So far, we don’t know which of Chrome and its open-source parent Chromium’s animation-related components are vulnerable to attack. This is a problem because “use after free” suggests that the component isn’t correctly reallocating memory space once it’s performed a job, and that malware or human attackers may be able to steal that memory space and do nasty things with it.
The Google Threat Analysis Group’s Adam Weidemann and Clément Lecigne were credited with finding the vulnerability. The flaw’s specifics haven’t been made public yet.
Another ten Chrome issues, at least four of which are use-after-free problems, have been corrected.
Chrome and comparable browsers: how to keep them up to date
When you restart Chrome on a Mac or PC, it should immediately download and install the latest version of Chrome. A company-owned computer may have an IT department that decides when the update is installed. The general-purpose software updater in your Linux distribution may be required, or you may wait for an update package.
It’s not necessary to restart Chrome after clicking the three vertical dots at the top of the browser window; just scroll down to Help and choose About Google Chrome to see the latest version of Chrome.
To initiate the update, a new tab will appear, telling you whether or not Chrome 98.0.4758.102 is the most recent version to be installed on your computer.
When you restart other Chromium-based browsers, they will all be updated automatically. Unlike Chrome and Microsoft Edge, Brave does away with the fly-out menu and places “About Brave” directly in the Settings menu. However, as of the time of this writing, neither had taken into account the changes made the day before.
Manual updates in Opera and Vivaldi are accomplished by first clicking the browser logo in the top left corner, and then selecting the corresponding updater option from the drop-down menu. The most recent version of Chromium was not visible in any of these applications.