You are currently viewing Google Fixed Actively Exploited Chrome Zero-Day Vulnerability-Patch Now!

Google Fixed Actively Exploited Chrome Zero-Day Vulnerability-Patch Now!

A high-severity zero-day flaw, tracked as CVE-2022-0609 in Google Chrome, is exploited in attacks. It is fixed with the release of Chrome 98.0.4758.102 emergency update for Windows, Mac, and Linux. This is the first zero-day Google has patched for Chrome this year, but it probably won’t be last.

“Google is aware of reports that an exploit for CVE-2022-0609 is being exploited in the wild,” It says, referring to what it describes as a “use after free in Animation” flaw that was reported by Adam Weidemann and Clément Lecigne of Google’s own Threat Analysis Group.

Endpoints that have not been patched are advised to deploy patches ASAP.

Zero-day Details Not Disclosed

Attackers commonly exploit use after free bugs to execute arbitrary code on computers running unpatched Chrome versions or escape the browser’s security sandbox. Google has not shared any additional info regarding these incidents, nor has it released any technical details about the vulnerability.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix”, Google added.


Affected Products: Google Chrome
Version: Prior 98.0.4758.102


CVE: CVE-2022-0603
Description: The vulnerability exists due to a use-after-free error within the File Manager component in Google Chrome
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High


CVE: CVE-2022-0604
Description: The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups.
Impact: Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.
Severity: High


CVE: CVE-2022-0605
Description:  The vulnerability exists due to a use-after-free error within the Webstore API component in Google Chrome.
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High


CVE: CVE-2022-0606
Description: The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High


CVE: CVE-2022-0607
Description: The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome.
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High


CVE: CVE-2022-0608
Description: The vulnerability exists due to integer overflow in the Mojo component in Google Chrome
Impact: Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.
Severity: High


CVE: CVE-2022-0609
Description: The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High


CVE: CVE-2022-0610
Description: The vulnerability exists due to incorrect implementation in Gamepad API in Google Chrome
Impact: Successful exploitation allows a remote attacker to gain access to sensitive information
Severity: Medium


SanerNow VM and SanerNow PM detect these vulnerabilities and automatically fix them by applying security updates. Use SanerNow and keep your systems updated and secure.

 

 

 

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments