Google on Monday issued 11 security improvements for its Chrome browser, including a high severity zero-day bug that was actively compassed by attackers in the wild.
In short updates, Google illustrates its weaknesses, tracked as CVE-2022-0609, as a free-use vulnerability in Chrome animation components. Such weaknesses can cause all kinds of misery, starting from valid data corruption with the execution of the arbitrary code in the vulnerable system. Such weaknesses can also be used to escape from sandbox security boxes.
“Google knows the report that the exploitation for CVE-2022-0609 is in the wild,” according to its security updates.
To fix animated problems, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, because it was launched for days or weeks.
Chrome users can fix it directly, by going to Chrome Menu> Help> About Google Chrome.
Given that Zero Day is under an active attack, updating Chrome must be done as soon as possible.
Credit for Zero Day’s animation went to Adam Weidemann and Clément Lecigne, both of the Google threat analysis group (tag).
Update Monday is also displayed more than four weaknesses of other high-severe use found in the API Webstore Chrome, File Manager, Angle and GPU. In addition, the company discusses the overflow integer level of high severity in Mojo, plus high severity H EAP Buffer Overflow in the tab group. Finally, Google patches a mid-severe problem with inappropriate implementation in the Gamepad API.
And So It Begins
This is the first zero day of Chrome this year, and more will definitely follow. But at least we have made it a 10th of 10 more than 10 days than managed in 2021, when the first bug was hit arrived on February 4.