A high-severity zero-day flaw tracked as CVE-2022-0609 in Google Chrome is exploited in attacks. It is finally resolving with the release of Chrome 98.0.4758.102 emergency update for Windows, Mac, and Linux. This is the first zero-day vulnerability Google has patched for Chrome this year, but it probably won’t be the last. However, this process will become easy by using a Patch Management Software.
“Google is aware of reports that an exploit for CVE-2022-0609 is being exploited in the wild,” referring to what it describes as a “use after free in Animation” flaw. Moreover, this was reported by Adam Weidemann and Clément Lecigne of Google’s own Threat Analysis Group. Reporting these vulnerabilities is easier with a Vulnerability Management Tool.
Endpoints that have not been patched are finally advised to deploy patches ASAP.
Zero-day Details Not Disclosed
Attackers commonly exploit use after free bugs to execute arbitrary code on computers running unpatched Chrome versions or escape the browser’s security sandbox. Google has not shared any additional info regarding these incidents nor released any technical details about the zero-day vulnerability.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix”, Google added.
Affected Products: Google Chrome
Version: Prior 98.0.4758.102
CVE: CVE-2022-0603
Description: The vulnerability exists due to a use-after-free error within the File Manager component in Google Chrome
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High
CVE: CVE-2022-0604
Description: The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups.
Impact: Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.
Severity: High
CVE: CVE-2022-0605
Description: The vulnerability exists due to a use-after-free error within the Webstore API component in Google Chrome.
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High
CVE: CVE-2022-0606
Description: The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High
CVE: CVE-2022-0607
Description: The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome.
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High
CVE: CVE-2022-0608
Description: The vulnerability exists due to integer overflow in the Mojo component in Google Chrome
Impact: Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.
Severity: High
CVE: CVE-2022-0609
Description: The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome
Impact: Successful exploitation may allow an attacker to compromise a vulnerable system.
Severity: High
CVE: CVE-2022-0610
Description: The vulnerability exists due to the incorrect implementation of Gamepad API in Google Chrome
Impact: Successful exploitation allows a remote attacker to gain access to sensitive information
Severity: Medium
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Therefore Use SanerNow and keep your systems updated and secure.