Google has released a security update for its Chrome browser. This update contains 11 security fixes, including a patch for a vulnerability that Google claims is actively being exploited.
The vulnerabilities have been fixed in Chrome version 98.0.4758.102 for Windows, macOS and Linux, which will be rolled out “in the coming days or weeks.” The update will be released in Chrome’s stable and extended stable channels. Users can install the update directly through the browser settings, under ‘Help’ and ‘About Google Chrome’.
The zeroday that has been resolved is marked as CVE-2022-0609 and is assigned a “high” level of risk. The bug was discovered on February 10. The vulnerability is described as a use-after-free in the animation part of Chrome. Such vulnerabilities could lead to data corruption and could also allow arbitrary code execution. Google does not share concrete details about the vulnerability. According to the company, such information will be withheld until a majority of users have implemented the update.
The update also fixes a number of use-after-free bugs, all of which also have a “high” risk score. The tech giant also reports an integer overflow in Mojo and an incorrect implementation of the gamepad API. Google does not share any further details about these bugs.