Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a severe zero-day vulnerability used by threat actors in malicious attacks.
While the emergency patches will be rolled out in the next couple of weeks, it is possible to install the update immediately by going into the Chrome menu > Help > About Google Chrome. Additionally, the browser will also automatically check for new updates and install them the next time you relaunch Google Chrome.
The zero-day bug fixed today, tracked as CVE-2022-0609, is described as a “Use after free in Animation” and was assigned a high severity level. While the company did identify attacks leveraging this zero-day vulnerability, it did not provide more information or technical details regarding the flaw, at least not until most users have had a chance to plug in a new update. The company started pushing out Chrome 94.0.4606.71 to users worldwide in the Stable Desktop version, and it should be accessible to all users within the coming days.
Aside from the zero-day, this Google Chrome version patched seven additional security flaws, all but one of which were rated as ‘High’ severity. With this release, Google has solved the first Chrome zero-day since the beginning of 2022. Given that there were 16 zero-days patched in 2021, many more are likely to come as the year progresses.
As attackers have been known to exploit this zero-day in the wild, it is strongly advised that everyone install the newest Google Chrome update as soon as possible.
