Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that’s being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022.
The shortcoming, tracked CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the company said in a characteristically brief statement acknowledging active exploitation of the flaw. Credited with discovering and reporting the flaw are Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group (TAG).
Also addressed by Google four other use-after-free flaws impacting File Manager, Webstore API, ANGLE, and GPU, a heap buffer overflow bug in Tab Groups, an integer overflow in Mojo, and an issue with inappropriate implementation in Gamepad API.
Google Chrome users are highly recommended to update to the latest version 98.0.4758.102 for Windows, Mac, and Linux to mitigate any potential threats. It’s worth noting that Google had addressed 17 zero-day flaws in Chrome in 2021.