Chrome Security Update 98.0.4758.102 Fixes Actively Exploited Vulnerability
Google released the Chrome 98.0.4758.102 web browser to the Stable channel on February 14, 2022. The new version of Chrome fixes several security issues, one of which is being actively exploited according to Google.
Chrome installations should receive the update automatically over time. Administrators and users who don’t want to wait for this to happen can run a manual update check to install patches immediately.
To do this, select Menu > Help > About Google Chrome or load chrome://settings/help directly into the address bar of the web browser. The page that opens displays the currently installed version of the web browser and runs a check for updates. If an update is found, it will be downloaded and installed automatically.
Google confirms on the company’s Google Chrome Releases blog that 11 security issues are fixed in the new version of Google Chrome. The highest severity rating is high, second only to critical.
Google only mentions security flaws discovered by external research: eight of the eleven security issues were discovered by non-Google employees.
[$15000] CVE-2022-0603: Use after free in file manager. Posted by Chaoyuan Peng (@ret2happy) on 2022-01-22
[$7000] High CVE-2022-0604: Buffer overflow in tab groups. Posted by Krace on 2021-11-24
[$7000] CVE-2022-0605: Use after free in online store API. Reported by Thomas Orlita on 2022-01-13
[$7000] CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. ltd. on 2022-01-17
[$TBD] High CVE-2022-0607: use after free in GPU. Reported by 0x74960 on 2021-09-17
[$NA] CVE-2022-0608: integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
[$NA] CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10
[$TBD] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Posted by Anonymous on 2022-01-08
The CVE-2022-0609 vulnerability, Use after free in Animation, is being actively exploited according to Google. Google does not mention the scale of the attacks. Chrome users may wish to update to the latest version as soon as possible to protect their browsers and data from potential attacks targeting the vulnerability.
It’s unclear if other Chromium-based browsers are affected. Since the vulnerability is related to animation, it seems likely that other Chromium-based browsers are also affected. Also expect security updates for these browsers in the coming days and weeks (if applicable).
Now you: when do you update your browsers?