Google on Monday announced the release of 11 security patches for Chrome, including one for a vulnerability exploited in the wild.
Tracked as CVE-2022-0609 and rated high severity, the exploited vulnerability is described as a use-after-free issue in Animation that was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the Internet giant notes in an advisory.
While the company did not provide additional information on the exploited zero-day, use-after-free bugs are typically exploited to achieve the execution of arbitrary code on vulnerable systems.
This is the first exploited Chrome zero-day patched by Google in 2022. According to data from the company’s Project Zero group, there were 14 exploited Chrome flaws last year.
Rolling out to Windows, Mac and Linux systems as Chrome 98.0.4758.102, the new browser iteration addresses six other high-severity and one medium-severity security flaws reported by external researchers.
The most important of these is CVE-2022-0603, a use-after-free in file manager. Google paid the reporting researcher a $15,000 bug bounty reward.
Next in line are CVE-2022-0604 (heap buffer overflow in tab groups), CVE-2022-0605 (use-after-free in Webstore API), and CVE-2022-0606 (use-after-free in Angle). The company handed out $7,000 bounty payouts for each of these.
The remaining high-severity flaws addressed with this Chrome release are CVE-2022-0607 (use-after-free in GPU) and CVE-2022-0608 (integer overflow in Mojo). Tracked as CVE-2022-0610, the medium-severity security hole is described as an inappropriate implementation issue in the Gamepad API.
According to Google, Chrome users will receive the new update in the coming days/weeks. Those who do not want to wait can trigger the update immediately by going to Menu > Help > About Google Chrome.
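For administrators who need to confirm which desktop systems already run the fixed build, the following Python sketch is an added example, not taken from Google's advisory or the original article. It triages reported Chrome version strings against 98.0.4758.102; the tab-separated inventory format, the hostnames and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed desktop build named in the article (Windows, Mac and Linux).
FIXED_BUILD = (98, 0, 4758, 102)

# Matches a four-part Chrome version anywhere in a string such as
# "Google Chrome 98.0.4758.80".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def triage(inventory_lines):
    """Split 'host<TAB>version string' lines into patched/outdated/unknown."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory_lines:
        host, _, reported = line.partition("\t")
        version = parse_version(reported)
        if version is None:
            # No parseable version: needs manual follow-up, not a pass.
            result["unknown"].append(host)
        elif version >= FIXED_BUILD:
            # Integer tuples compare numerically, so .9 sorts below .102.
            result["patched"].append(host)
        else:
            result["outdated"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-001\tGoogle Chrome 98.0.4758.102",
    "ws-002\tGoogle Chrome 98.0.4758.80",
    "ws-003\tGoogle Chrome 97.0.4692.99",
    "ws-004\tGoogle Chrome 99.0.4844.51",
    "ws-005\tnot installed",
    "ws-006\tGoogle Chrome 98.0.4758.9",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Comparing the components as integers matters here: a plain string comparison would rank 98.0.4758.9 above 98.0.4758.102 and report an unpatched host as patched.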