Chrome security update 98.0.4758.102 with patch for actively exploited vulnerability

Google released the Chrome web browser 98.0.4758.102 in the Stable channel on February 14, 2022. The new version of Chrome fixes several security issues, one of which is being actively exploited according to Google.

Chrome installations should automatically receive the update over time. Administrators and users who don’t want to wait for this to happen can run a manual update check to install patches immediately.

To do this, select Menu > Help > About Google Chrome or load chrome://settings/help directly into the web browser’s address bar. The page that opens displays the currently installed version of the web browser and runs a search for updates. If an update is found, it will be downloaded and installed automatically.

Google confirms in the company Google Chrome Releases Blog that 11 security issues are fixed in the new version of Google Chrome. The highest severity rating is high, the second highest after critical.

Google mentions only security vulnerabilities that have been discovered by external research: eight of the eleven security issues were discovered by non-Google employees.

[$15000][1290008] Stop CVE-2022-0603: use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22

[$7000][1273397] High CVE-2022-0604: Heap buffer overflow in tab groups. Reported by Krace on 2021-11-24

[$7000][1286940] High CVE-2022-0605: Use after free in webstore API. Reported by Tomás Orlita on 2022-01-13

[$7000][1288020] High CVE-2022-0606: Use after free on ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17

[$TBD][1250655] High CVE-2022-0607: Use after free on GPU. Reported by 0x74960 on 2021-09-17

[$NA][1270333] Added CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16

[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of the Google Threat Analysis Group on 2022-02-10

[$TBD][1285449] Medium CVE-2022-0610: Improper implementation in Gamepad API. Reported by Anonymous on 2022-01-08

The vulnerability CVE-2022-0609, Use after free in Animation, is actively exploited according to Google. Google doesn’t mention how widespread the attacks are. Chrome users may want to update to the latest version as soon as possible to protect their browsers and data from potential attacks targeting the vulnerability.

It’s unclear if other Chromium-based browsers are affected. Since the vulnerability is related to animation, it seems likely that other Chromium-based browsers will also be affected by it. Expect security updates for these browsers as well in the coming days and weeks (if they are affected).

Now you: when do they update their browsers?

advertising