Google Chrome Vulnerability (CVE-2022-0609)

Multiple vulnerabilities were recently identified in Google Chrome web browser, specifically the critical Use-after-free vulnerability (CVE-2022-0609), which could allow threat actors to execute arbitrary code on any computer running unpatched chrome versions. This vulnerability is being exploited in the wild. Users are strongly urged to apply the updates to the latest chrome version immediately to mitigate any potential threats.

Vulnerability

• Use-after-free Vulnerability (CVE-2022-0609)
  • Description:
    A use-after-free error within the Animation component in Google Chrome. A remote attacker can cause a drive-by-compromise by creating a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Severity Level

• Critical

Affected application

• Google Chrome prior to 98.0.4758.102 for Windows, Mac and Linux

Remediation

• Update Google Chrome to the latest version asap with the steps below:
  • Open the Google Chrome browser and click the three-dot icon in the top-right corner of the window, then click Settings.
  • Click About Chrome on the left menu, it will launch update automatically, or click update manually.
  • Wait for the update to finish and click Relaunch.

Reference

• HKCERT:
  https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities_20220215

Enquiry

• ITSC Service Desk: http://servicedesk.itsc.cuhk.edu.hk

Published on: 16 Feb 2022