Google’s Threat Analysis Group reported a zero-day vulnerability (CVE-2022-0609) in Chrome that threat actors are currently exploiting in the wild. This is Chrome’s first zero-day of 2022.
This flaw is a high severity use-after-free vulnerability in the Animation component of Chrome. Not much else is currently known about the bug.
This vulnerability affects all Chrome users, regardless of which OS is running.
The complexity of this flaw is not fully known. However, the type of vulnerability and information disclosed by Google leads us to believe it can be triggered without much effort.
CISA (Cybersecurity and Infrastructure Security Agency) added the CVE to a catalog covered by its Binding Operational Directive, which means that the vulnerability carries a “significant risk to the federal enterprise.”
A use-after-free (UAF) flaw occurs when a program references memory after it has been freed, which can cause the program to use unexpected values, corrupt valid data, crash, or execute code, according to MITRE.
The root cause of a UAF flaw can vary, although the two most common causes are exceptional circumstances such as error conditions, and confusion over which part of the program is responsible for freeing memory.
Google Chrome’s update on Monday addressed four other UAF flaws found in the browser’s Webstore API, File Manager, ANGLE, and GPU, according to Threatpost.
The latest Chrome update (Chrome 98.0.4758.102) addresses this issue in Windows, Mac and Linux, so users should patch Google Chrome immediately by navigating to the menu and selecting Help>About Google Chrome.
This new version of Chrome also patches seven other vulnerabilities — including one that received a High severity rating — so it’s important to update as soon as possible.
Administrators can turn on auto updates in Group Policy. In Group Policy, Windows administrators can navigate to Google>Google Update>Applications, and then enable the Update Policy Override policy. Then, navigate to Options>Always Allow Updates.
Mac administrators can turn on auto updates via Google Workspace Managed Browsers, or through a mobile device management (MDM) console.
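To confirm which machines are still below the fixed build, compare version numbers numerically rather than as strings. The Python sketch below is an added example, not part of the original article or any Google tooling; the inventory format, hostnames, sample versions and function names are assumptions made for illustration.

```python
import re

# Fixed desktop build named in the article above.
FIXED_VERSION = "98.0.4758.102"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(reported, fixed=FIXED_VERSION):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    current = parse_version(reported)
    if current is None:
        return "unknown"  # never treat an unparseable value as patched
    # Compare numerically: as strings, "98.0.4758.80" sorts after
    # "98.0.4758.102", so a vulnerable build would look patched.
    return "patched" if current >= parse_version(fixed) else "vulnerable"


def audit(inventory):
    """Group hostnames by status, given (hostname, reported version) pairs."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in inventory:
        report[classify(reported)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 98.0.4758.102"),
    ("ws-002", "Google Chrome 98.0.4758.80"),
    ("ws-003", "97.0.4692.99"),
    ("mac-004", "Google Chrome 99.0.4844.51 beta"),
    ("lin-005", ""),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be followed up manually, since a missing version string says nothing about patch status.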
Blumira’s cloud SIEM detects and alerts you about suspicious behavior in your environment so that you can stop an incident early enough to prevent damage. Each finding we send is accompanied by a security playbook, giving you clear recommendations on how to remediate an attack. Our support team of security analysts is always available to answer questions on how to interpret a finding, or for other security help.
Blumira’s free trial is easy to deploy; IT and security teams can start seeing immediate security value for their organizations.