Google has released a new Chrome update for Windows, macOS, and Linux that fixes a total of 11 security issues. Among these is a high-severity zero-day bug that has already been exploited by attackers. It is a ‘use-after-free’ vulnerability in Chrome’s Animation component. An attacker can exploit the bug to corrupt data or even execute code on the system without the user’s knowledge. This is notably the first zero-day bug impacting the Chrome browser that has been patched by Google.
The zero-day bug, one of the fixes available in the latest release, has been identified as CVE-2022-0609. It was reported by Google’s Threat Analysis Group on February 10, according to the blog post.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the company said.
Considering the high severity of the bug, users are advised to update Chrome on their systems immediately.
Although Chrome checks for new updates automatically, you can manually look for the latest version by going to Chrome > About Google Chrome. You can also check for the update by clicking the three-dot button in the right-most corner and then Help > About Google Chrome.
In addition to the zero-day bug, Chrome version 98.0.4758.102 fixes four other high-severity ‘use-after-free’ security issues, found in the browser’s File Manager, Webstore API, ANGLE, and GPU process. The update also patches another high-severity bug, a ‘heap buffer overflow’ in Tab Groups.
Further, the new version includes a fix for a medium-severity issue that existed due to an inappropriate implementation in the Gamepad API, as per the details publicly shared by Google.
This is notably not the first time a zero-day vulnerability has been found in Chrome. Last year, Google fixed a total of 16 zero-day bugs in the browser through different security updates.
Zero-day bugs can be quite harmful for the masses as they are discovered before security researchers and software vendors become aware of their existence. Cybercriminals and attackers can exploit these vulnerabilities before they come into the limelight to gain access to user data and systems.