These vulnerabilities could be exploited by a remote attacker to trigger a denial-of-service condition, remote code execution, and security restriction bypass on the targeted system. Version 98.0.4758.102 of the Chrome browser fixes CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606, CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, and CVE-2022-0610. Of these, the zero-day bug tracked as CVE-2022-0609 (“Use after free in Animation”) was discovered by members of the Google Threat Analysis Team and is being exploited in real-world attacks. “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the search giant confirmed on the company’s Google Chrome Releases blog. Here is a brief overview of the vulnerabilities closed in Chrome 98.0.4758.102 for desktop:
High CVE-2022-0603: Use after free in File Manager
High CVE-2022-0604: Heap buffer overflow in Tab Groups
High CVE-2022-0605: Use after free in Webstore API
High CVE-2022-0606: Use after free in ANGLE
High CVE-2022-0607: Use after free in GPU
High CVE-2022-0608: Integer overflow in Mojo
High CVE-2022-0609: Use after free in Animation
Medium CVE-2022-0610: Inappropriate implementation in Gamepad API
Google said it will be rolling out the Chrome update over the coming days/weeks. Alternatively, you can install the update immediately by going to Chrome Menu > Help > About Google Chrome, or by loading chrome://settings/help directly in the browser’s address bar. If an update is available, it will be downloaded and installed automatically. Since the zero-day vulnerability is known to have been exploited in the wild, Google Chrome users are strongly advised to install the update as soon as possible to prevent potential threats.