Google releases Chrome 98 security update with fix for zero-day vulnerability (CVE-2022-0609) exploited in the wild

Google has released Chrome 98.0.4758.102 for Windows, Mac and Linux with fixes for multiple vulnerabilities, to include one zero-day (CVE-2022-0609) exploited in the wild.

An attacker could exploit these vulnerabilities to take control of impacted systems.

The latest Chrome 98 (98.0.4758.102) security update patched 11 vulnerabilities in all, to include 7 High severity vulnerabilities (bold denotes zero-day), each discovered by external researchers:

  • High CVE-2022-0603: Use after free in File Manager.
  • High CVE-2022-0604: Heap buffer overflow in Tab Groups.
  • High CVE-2022-0605: Use after free in Webstore API.
  • High CVE-2022-0606: Use after free in ANGLE.
  • High CVE-2022-0607: Use after free in GPU.
  • High CVE-2022-0608: Integer overflow in Mojo.
  • High CVE-2022-0609: Use after free in Animation.

Google confirmed reports of an exploit for CVE-2022-0609 exists in the wild.

In addition, Google also released a new version of Chrome 98 (98.0.4758.101) for Android.