By: Armando D’Onorio (CISSP, GSLC, GCCC), Ferrilli’s Chief Information Security Officer & Senior Consultant
Google has released a NEW update for the Chrome browser for Windows, Mac, and Linux, to fix a high-severity, zero-day vulnerability used by threat actors in attacks.
“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.”
It is strongly recommended that everyone install yesterday’s (2/15/2022) Google Chrome update as soon as possible.
We’re increasing awareness for our higher education community
Ferrilli is recommending that academic institutions pay close attention to failed patches on their systems and double-check that all systems have been patched (workstations, laptops, and servers). Please remind your faculty, staff, and students to patch their personal devices.
More info about the vulnerability
This is the first Chrome zero-day fix for this year. This vulnerability was discovered by Google’s Threat Analysis Group. While Google said it has detected attacks exploiting this zero-day, it did not share any additional info regarding these incidents or technical details about the vulnerability.
Very few details of the security flaw have been revealed, but use-after-free (UAF) vulnerabilities typically facilitate attacks such as arbitrary code execution and data corruption in unpatched software and can lead to the takeover of a victim’s machine.
The zero-day, tracked as CVE-2022-0609, carries a CVSSv3 score of 9.8/10.
What Version Should You Be On?
The latest stable build (98.0.4758.102) for Windows, Mac, and Linux brings with it a total of 11 security fixes, with many of the highest-severity flaws relating to use after free (UAF) vulnerabilities.
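One way to double-check a fleet against the fixed build is to compare each reported Chrome version numerically with 98.0.4758.102. The script below is an added example, not code from Ferrilli or Google; the CSV inventory format, host names, and sample versions are constructed for illustration.

```python
import csv
import io
import re

# Fixed stable build named in the advisory above.
FIXED_BUILD = (98, 0, 4758, 102)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE_INVENTORY = """host,os,chrome_version
lab-pc-01,Windows,98.0.4758.102
lab-pc-02,Windows,98.0.4758.80
fac-mac-07,macOS,Google Chrome 97.0.4692.99
reg-srv-03,Linux,100.0.4896.60
kiosk-11,Windows,
adm-lt-22,Windows,unknown
"""

def parse_version(text):
    """Return the four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def audit(inventory_csv):
    """Sort hosts into patched, outdated, and unknown buckets."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("chrome_version"))
        if version is None:
            # No usable version reported: treat as unverified, not as patched.
            result["unknown"].append(row["host"])
        elif version >= FIXED_BUILD:
            # Tuple comparison is numeric per component, so .80 < .102
            # and 100.x > 98.x (a plain string comparison gets both wrong).
            result["patched"].append(row["host"])
        else:
            result["outdated"].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket are the ones to chase first, since a missing version often means the patch job or the inventory agent failed.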
If you have any questions or need assistance, please click here to get help.