Google has released a patch for a high-severity zero-day vulnerability in its Chrome browser that it says is openly abused.
"Google is aware of reports that an exploit exists for CVE-2022-0609," the company's security advisory states.
Google describes the vulnerability as "Use after free in animation," but did not go into exact details about what it entails or the extreme risk.
abusing flaws
The company says the flaws are abused by nature, but declined to share details about how or by whom. It's unclear whether malware has been developed to exploit the flaw and whether antivirus solutions will notice it.
Still, this should be enough of an incentive for most to update their browsers right away.
Chrome version 98.0.4758.102 is now available for Windows, Mac, and Linux.
To apply the patch, Chrome users can go to the Chrome menu > Help > About > Google Chromeor they can wait for their browser to refresh automatically the next time they open it again.
"Access to bug details and links may be restricted until the majority of users are updated with a fix," Google said.
Google fixes and updates Chrome frequently. Last month, it added a new feature to work around the Y2K-style bug that broke many websites long ago.
The Google Chrome browser is currently at its version 98, and sooner rather than later it will hit its version 100 milestone. This, if history is any indication, could cause some websites to not display correctly.
In an announcement posted on the Chromium Blog, Google recalled that when Chrome first went from a single-digit to a double-digit version (versions 9-10), it was no longer suitable for some older websites. With version 100, it intends not to repeat the same mistakes.
The current v98 also includes additional tweaks and enhancements, such as support for COLRv1 color gradient vector fonts as a new additional font format.
In the v98 beta, the company also introduced Origin Trials, a feature that allows users to test new features and provide feedback on usability, desirability, and effectiveness to the web standards community.
Via: BleepingComputer