Google has issued Chrome 103.0.5060.114 for Windows users to fix a high-severity zero-day vulnerability that has been targeted in the wild by hackers. This is the fourth such bug discovered in the company’s browser software this year.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the company says, referring to what it describes as a “use after free in Animation” flaw that was reported by Adam Weidemann and Clément Lecigne of Google’s own Threat Analysis Group.
According to its listing on the Common Weakness Enumeration (CWE) website, the vulnerability, recorded as CVE-2022-2294 and disclosed on July 1 by Jan Vojtesek from the Avast Threat Intelligence team, is a buffer overflow “where the buffer that can be overwritten is assigned in the heap portion of memory.” As is customary, Google did not publish specifics about the bug and will most probably do so once the majority of users have updated to the fixed version of the impacted product.
Google claims that this version of Chrome (98.0.4758.102) also addresses seven other vulnerabilities, as well as three previously unknown security problems. The majority of those flaws, including CVE-2022-0609, were rated as High on the company’s severity scale. One was rated as Medium.
Chrome version 98.0.4758.102 is now available for Linux, Mac, and Windows on both the Stable and Extended Stable release channels, with the upgrade expected to reach all systems in the coming days or weeks. Chrome users can, and should, also upgrade manually.