Latest Chrome Update Addresses a New Zero-Day Exploit

The latest Chrome update—version 98.0.4758.102—is rolling out for Windows, Mac, and Linux users and addresses a number of critical security exploits.

Google's update log notes 11 different security fixes being implemented in the new update, with eight of them considered high-level risks. Several of them are used after free (UAF) exploits that take advantage of a memory loophole to corrupt data or execute code against the user's knowledge.

Of particular note is the one designated CVE-2022-0609, which reportedly allows for UAF in Animation, which Google says has previously been exploited. This means it was used for malicious purposes on more than one occasion, and details on how to use the exploit have likely been spread to other would-be malicious actors. According to Google, none of the other bugs on the list seem to have been exploited yet.

Additional details about the security exploits addressed in the new update are being guarded for the moment. Google states that it's intentionally doing so "until a majority of users are updated with a fix." Likely as a way to prevent potential attackers from figuring out how to use these exploits and to make their attack opportunity window smaller (i.e., once there are fewer at-risk users).

Chrome version 98.0.4758.102 will be steadily rolled out "over the coming days/weeks," but you can manually update now via the About Google Chrome menu. You'll have to restart the browser for it to take effect though, so make sure you don't have anything important left unsaved first.