Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. This is the first Chome zero-day fixed this year by Google.
The zero-day is a use after free issue that resides in Animation, the bug was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.
“Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10 [$TBD]” reads the security advisory published by Google. “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.”
The emergency patches will be rolled out in the next weeks. Users could update their browser manually by visiting the entry Chrome menu > Help > About Google Chrome.
Google did not disclose technical details for the CVE-2022-0609 to avoid massive exploitation of the bug. The IT giant also avoided disclosing info regarding the attack in the wild exploiting the flaw.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.
Below is the list of the other flaws addressed by Google with the latest release of its browser:
Users are recommended to install Google Chrome update as soon as possible.
(SecurityAffairs – hacking, Google)