Google fixes a zero-day threat and several high-severity vulnerabilities in Chrome 98.0.4758.102 Stable channel update.

Google fixes a zero-day threat and several high-severity vulnerabilities in Chrome 98.0.4758.102 Stable channel update.

Hello everyone,

 

Chrome stable channel has been updated to 98.0.4758.102 for Windows, Mac, and Linux. This update fixes a zero-day threat (tracked as CVE-2022-0609) as well as a number of high-severity vulnerabilities.

 

In a security advisory released on Feb-14-2022, Google said, "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild." However, details of the bugs and attacks will not be revealed until a majority of users are updated with a fix.

 

The details of the vulnerabilities fixed are as follows:

CVE ID
Vulnerability
Severity
CVE-2022-0603
Use after free in File Manager
High
CVE-2022-0604
Heap buffer overflow in Tab Groups
High
CVE-2022-0605
Use after free in Webstore API
High
CVE-2022-0606
Use after free in ANGLE
High
CVE-2022-0607
Use after free in GPU
High
CVE-2022-0608
Integer overflow in Mojo
High
CVE-2022-0609
Use after free in Animation
High
CVE-2022-0610
Inappropriate implementation in Gamepad API
Medium

To install this update on your Windows/Mac machines, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once the sync is complete, search for the following Patch IDs or Bulletin ID and deploy them to your target systems.

Patch ID
Bulletin ID 
Patch Description
323588
TU-017
Google Chrome (x64) (98.0.4758.102)
323587
TU-017
Google Chrome (98.0.4758.102)
603616
MAC-012
Google Chrome For Mac 98.0.4758.102

Cheers,
The ManageEngine Team