Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks.
Attackers commonly exploit use after free bugs to execute arbitrary code on computers running unpatched Chrome versions or escape the browser’s security sandbox.
Google has detected attacks exploiting this zero-day, it did not share any additional info regarding these incidents or technical details about the vulnerability. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix, Google added.
In addition to the zero-day, this Google Chrome update fixed seven other security vulnerabilities, all but one classified as ‘High’ severity. Below are the issues fixed in the current latest version.
- High CVE-2022-0603: Use after free in File Manager
- High CVE-2022-0604: Heap buffer overflow in Tab Groups.
- High CVE-2022-0605: Use after free in Webstore API.
- High CVE-2022-0606: Use after free in ANGLE.
- High CVE-2022-0607: Use after free in GPU.
- High CVE-2022-0608: Integer overflow in Mojo.
- High CVE-2022-0609: Use after free in Animation.
- Medium CVE-2022-0610: Inappropriate implementation in Gamepad API.