Emergency Google Chrome update fixes nasty security bug

(Image credit: Shutterstock)

Google has issued a fix for a high-severity zero-day vulnerability in its Chrome browser which it claims is being abused in the wild.

"Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild," the company’s security advisory states.

Google describes the vulnerability as "Use after free in Animation", but has not gone into much exact detail about what this entails, or how extreme the risk is.

Abusing the flaws

The company says the flaws are being abused in the wild, but denied to share any details as to how they’re being abused, or by whom. It's difficult to say if malware was developed to abuse the flaw, and if it will get noticed by antivirus solutions.

Still, this should be incentive enough for the majority to update their browsers immediately.

Chrome version 98.0.4758.102 is now available for Windows, Mac, and Linux.

To apply the patch, Chrome users can navigate to the Chrome menu > Help > About > Google Chrome, or they can wait for their browser to update automatically the next time they relaunch it.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said.

Google frequently patches and upgrades Chrome. Last month, it added new functionality to avoid the Y2K-styled bug that broke many websites ages ago.

The Google Chrome browser is currently at its 98th iteration, and sooner rather than later, it will achieve the milestone of its 100th version. That, if history is any indication, could potentially result in some websites not being displayed correctly.

> One of the best Google Chrome features is getting an upgrade

> Google Chrome 100 update may break your website - but there's a fix

> Google Chrome update helps websites dodge imminent Y2K-style disaster

In an announcement published on the Chromium blog, Google reminded that when Chrome first jumped from a single-figure version to a double-figure one (versions 9 to 10), this didn’t sit well with some older websites. With version 100, it aims not to repeat the same mistakes.

The current v98 also comes with additional tweaks and improvements, such as the support for COLRv1 color gradient vector fonts, as an additional new font format.

In v98 beta, the company also introduced the Origin Trials, a feature that allows users to test new features and give feedback on usability, practicality, and effectiveness to the web standards community.

You might also want to check out our list of the best ransomware protection right now

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.