Security researchers have found a zero-day vulnerability in in Google’s Chrome browser that can cause a series of problems for users. Google has already issued a total of 11 security fixes for the issues, including one for a bug that is classed as high severity.
That specific vulnerability has already been targeted by threat actors in the wild. Across all the flaws, myriad problems such as arbitrary code execution and data corruption.
Google has published a brief describing the high-severity flaw, tracking it as ID CVE-2022-0609. According to the company, there is an issue in the Chrome Animation component. Among the issues the vulnerability can cause include corruption of data, or promote methods for escaping Chrome’s security framework.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the company says.
Fix
Chrome 98.0.4758.102 is now available for Windows, Mac, and Linux as a fix for the Chrome Animation bug and 10 other vulnerabilities. This update will be rolling out in the coming days. However, users can opt for a manual instant install by heading to Chrome menu > Help > About Google Chrome.
The Animation zero day was found and disclosed by Adam Weidemann and Clément Lecigne, both from Google’s Threat Analysis Group (TAG).
Google does a mostly solid job at keeping Chrome secure. In fact, this is the first zero-day vulnerability the browser has had this year. In total during 2021, the company tackled 16 zero days.
Considering the potential danger of the Animation flaw, it is best to take the manual approach and install the patch now rather than wait for the automatic roll out.
Tip of the day: Though many VPN providers have their own apps, you can in many cases connect to a VPN in Windows 10 without any third-party software. This is ideal if you have a self-hosted VPN or if you’re using a PC with restricted permissions. In our tutorial, we’re showing you how to connect to a VPN in Windows 10.
