CVE-2022-0609 is a new zero-day vulnerability in Google Chrome which has been used by threat actors in attacks.
CVE-2022-0609 in Google Chrome – What Is Known?
Google has already released Chrome 98.0.4758.102 for Windows, Mac, and Linux to address the serious issue. In fact, it should be noted that this update includes a total of 11 security fixes.
Apparently, the update to address CVE-2022-0609 will be rolled out in the weeks to come. However, if you want to install it immediately, you can jump to Google Chrome menu, select Help, then About Google Chrome, and apply the update. Also note that your browser will check automatically for new updates and install them the next time your relaunch the browser.
It may be a good idea to get the update yourself, as “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.”
The technical details about CVE-2022-0609 are scarce. Google has described it as a user after free in Animation bug, which has a high-severity score. The vulnerability was discovered by Clément Lecigne from Google’s Threat Analysis Group.
It is noteworthy that threat actors tend to exploit use-after-free flaws in order to execute arbitrary code on vulnerable systems running unpatched Chrome versions. These bugs also help to escape the browser’s security sandbox.
Another example of a use-after-free Chrome zero-day exploited in the wild is CVE-2021-37973. The bug resided in the Portals API, which is a web page navigation system that helps in page transitions, or what users see when they move between pages. This bug was also disclosed by Clément Lecigne.