Chrome 98.0.4758.102 has been released for Windows, Mac, and Linux to address a significant zero-day vulnerability used by threat actors in malicious attacks.
The emergency patches will be available in the coming weeks, but you may obtain the update immediately by going to the Chrome menu > Help > About Google Chrome. When you relaunch Google Chrome, the browser will search for new updates and install them automatically.
The CVE-2022-0609 zero-day vulnerability was fixed today, and it was characterised as a high-severity “Use after free in Animation” flaw. While the company identified attacks that took use of the zero-day issue, it did not provide any additional information or technical details about the flaw until most customers had a chance to update their software. Chrome 94.0.4606.71 in the Stable Desktop version has began rolling out to users worldwide, and it should be available to all users over the next few days.
Aside from the zero-day, this Google Chrome update patched seven other security flaws, all of which were rated as ‘High’ severity. Google has corrected the first zero-day vulnerability in Chrome since its release.
Given that 16 zero-day vulnerabilities were patched in 2021, there’s a good chance that many more will be found as the year develops.
Because this zero-day has been used in the wild by attackers, it is vital that everyone update their Google Chrome as soon as possible.