Google Patches Exploited in the Wild Chrome Zero-Day

February 16, 2022 

Google has released an emergency update addressing a zero-day vulnerability in Chrome that is being exploited in the wild. No further details were released regarding the vulnerability except that it is a ‘use after free’ bug in the animation component, a type of vulnerability that typically leads to remote code execution on affected systems. 

The release, 98.0.4758.102 for Windows, Mac, and Linux, addresses 8 vulnerabilities overall. 

The Zero-Day Vulnerability

  • CVE-2022-0609 – ‘use after free’ in Animation. Attackers commonly exploit ‘use after free’ bugs to execute arbitrary code on computers running unpatched Chrome versions or escape the browser’s security sandbox. 

Affected Products

These vulnerabilities affect all unpatched Chrome and Chromium-based browsers. 

Mitigation

CYREBRO urges users to update their browser to the latest Chrome version, 98.0.4758.102 for Windows, Mac, and Linux.

For the full list of patched vulnerabilities, see Chrome Releases. 
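The update check above can be scripted. The following is an added example, not part of the original advisory: it classifies a Chrome version banner against the fixed release 98.0.4758.102, comparing fields numerically because a plain string comparison would rank 98.0.4758.80 above 98.0.4758.102. The function names and sample banners are constructed for illustration, and the comparison assumes Google Chrome's own version numbering; other Chromium-based browsers number their builds differently and should be checked against their vendor's fixed version.

```shell
#!/bin/sh
# Added example: flag Chrome builds older than the fixed release in the advisory.
FIXED="98.0.4758.102"   # patched version named in the advisory

# extract_version BANNER: print the first four-part dotted version found in a
# banner such as "Google Chrome 98.0.4758.80" (empty output if none is found).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_lt A B: exit status 0 when A is strictly older than B.
# Each of the four fields is compared as a number, left to right.
version_lt() {
    a=$1 b=$2
    for i in 1 2 3 4; do
        x=${a%%.*}; y=${b%%.*}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    return 1   # all fields equal: not older
}

# classify BANNER: print VULNERABLE, PATCHED, or UNKNOWN for one banner.
classify() {
    v=$(extract_version "$1") || v=""
    if [ -z "$v" ]; then
        echo UNKNOWN            # no parsable version: needs manual review
    elif version_lt "$v" "$FIXED"; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# Constructed sample banners (not real inventory data).
for banner in "Google Chrome 98.0.4758.80" "Google Chrome 98.0.4758.102" \
              "Google Chrome 100.0.0.0" "Chromium (version unavailable)"; do
    printf '%-32s %s\n' "$banner" "$(classify "$banner")"
done
```

Treat an UNKNOWN result as unpatched until the installed version is confirmed by hand.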

  

References: Chrome Releases. 
