Google on Monday announced the release of 11 security patches for Chrome, including one for a vulnerability exploited in the wild.
Tracked as CVE-2022-0609 and rated high severity, the exploited vulnerability is described as a use-after-free issue in Animation that was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the Internet giant notes in an advisory.
While the company did not provide additional information on the exploited zero-day, use-after-free bugs are typically exploited to achieve the execution of arbitrary code on vulnerable systems.
This is the first exploited Chrome zero-day patched by Google in 2022. According to data from the company’s Project Zero group, there were 14 exploited Chrome flaws last year.
Rolling out to Windows, Mac and Linux systems as Chrome 98.0.4758.102, the new browser iteration addresses six other high-severity flaws and one medium-severity flaw reported by external researchers.
The most important of these is CVE-2022-0603, a use-after-free in file manager. Google paid the reporting researcher a $15,000 bug bounty reward.
Next in line are CVE-2022-0604 (heap buffer overflow in tab groups), CVE-2022-0605 (use-after-free in Webstore API), and CVE-2022-0606 (use-after-free in Angle). The company handed out $7,000 bounty payouts for each of these.
The remaining high-severity flaws addressed with this Chrome release are CVE-2022-0607 (use-after-free in GPU) and CVE-2022-0608 (integer overflow in Mojo). Tracked as CVE-2022-0610, the medium-severity security hole is described as an inappropriate implementation issue in the Gamepad API.
According to Google, Chrome users will receive the new update in the coming days/weeks. Those who do not want to wait can trigger the update immediately by going to Menu > Help > About Google Chrome.
