Update Chrome now to patch another zero-day flaw being used in attacks

By Kim Komando

February 16, 2022

© Roman Samborskyi | Dreamstime.com

Updates to software and operating systems aren’t anything new, often released with varying degrees of severity. But when an update rolls out to correct a single zero-day exploit, you know it’s serious.

While details are a bit sparse, Google quickly made an update available to fix another recently discovered vulnerability in its Chrome browser. This comes just over two weeks since Google’s last update patched 27 other Chrome issues.

Even if you updated Chrome once already this month, it’s time to do so again. We’ll tell you the risks of this latest vulnerability and how to make sure you’re up-to-date on security patches.

Here’s the backstory

Inching ever closer to version 100 of Chrome, the latest update addresses one zero-day exploit in addition to 10 other flaws. Google explained in the patch notes for version 98.0.4758.102 that the high-severity CVE-2022-0609 “exists in the wild.”

That means hackers are also aware of the breaching method and have actively used it to launch cyberattacks. Unfortunately, as is the case with many Google updates, specific details about the flaw were not revealed.

The only information available confirms it’s a “Use after free in Animation” bug, reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group. According to the Vulnerability Database (VulDB), the bug uses an unknown input that “leads to a memory corruption vulnerability, impacting confidentiality, integrity, and availability.”

It adds that the flaw is triggered remotely. Therefore, no form of authentication is needed for the exploit to succeed. The Database also speculates that software to breach the fault can retail for around $5,000.

This is the first zero-day exploit for Chrome in 2022, but Google might be in for a tough year. Over the last 12 months, the company fixed 16 other zero-day flaws.

What you can do about it

Whenever an update is made available, it is good to download it as soon as possible. Doing so will ensure that you have protection against all known threats – and some new features, when available. Here’s how you update your browser:

• Open the Chrome browser on your desktop computer.
• Tap the three stacked dots in the upper right corner (the menu).
• Hover over Help at the bottom and click on About Google Chrome.

As soon as you do, Chrome will automatically check your current version against what is available. For reference, the latest version once again is 98.0.4758.102.

If an update is found, you don’t need to do anything, as it will update by itself. However, remember to save any web pages or online work before doing so. The browser must restart for the changes to take effect.

Tags: authentication, Chrome browser, computer, cyberattacks, exploit, Google, Google Chrome, hackers, operating systems, restart, security, security patches, updates, vulnerability, zero-day exploit, zero-day flaws