⚡ TL;DR | Go Straight to the Chrome 98 0-day Report
Google released Chrome 98.0.4758.102, a security-focused release with 11 security fixes, just over a week after the Chrome 98 major release. One of the issues is reported as actively exploited, so it is critical that you update Chrome as soon as possible to prevent exploitation. CVE-2022-0609 is listed as a “Use after free in Animation” vulnerability. Little more has been disclosed about the attack vectors or how actively it is being exploited, but patching is needed regardless.
Aside from the actively exploited vulnerability, 10 other issues were also addressed. While they are not actively exploited, many of them are rated as high severity, which should be reason enough to update your environment. The full list of notable fixes that Google released is as follows:
- High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
- High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24
- High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13
- High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17
- High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17
- High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
- High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10
- Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08
To help organizations prevent issues, we’ve created a report that provides an overview of all Windows devices and their current Chrome version so you can easily monitor your exposure to CVE-2022-0609.
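
The kind of check such a report performs can be sketched as follows. This is an added example, not the report itself or any vendor code: it classifies devices from an inventory export against the fixed build 98.0.4758.102 named above. The CSV layout, column names and hostnames are constructed for illustration.

```python
import csv
import io

# Fixed build named in the article; earlier builds are exposed to CVE-2022-0609.
FIXED_BUILD = "98.0.4758.102"

# Constructed sample inventory export (hostnames and versions are made up).
SAMPLE_INVENTORY = """hostname,chrome_version
ws-001,98.0.4758.102
ws-002,98.0.4758.82
ws-003,97.0.4692.99
ws-004,98.0.4758.99
ws-005,100.0.4896.60
ws-006,
ws-007,not-installed?
"""


def parse_version(text):
    """Return a four-part version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text, fixed=FIXED_BUILD):
    """Classify one device as 'patched', 'exposed' or 'unknown'."""
    version = parse_version(version_text or "")
    if version is None:
        return "unknown"  # missing or unparseable data needs manual follow-up
    # Compare numerically: as strings, "98.0.4758.99" sorts after "98.0.4758.102"
    # and "100.x" sorts before "98.x", which would misreport both devices.
    return "patched" if version >= parse_version(fixed) else "exposed"


def exposure_report(inventory_csv):
    """Group hostnames by status from a CSV with hostname,chrome_version columns."""
    report = {"patched": [], "exposed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("chrome_version"))].append(row["hostname"])
    return report


if __name__ == "__main__":
    for status, hosts in exposure_report(SAMPLE_INVENTORY).items():
        print(f"{status:8} {len(hosts):3}  {', '.join(hosts)}")
```

Devices in the `unknown` group should be treated as unverified rather than safe, since a missing version value says nothing about whether the fix is installed.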