Google fixes a zero-day threat and several high-severity vulnerabilities in Chrome 98.0.4758.102 Stable channel update.
Hello everyone,
Chrome stable channel has been updated to 98.0.4758.102 for Windows, Mac, and Linux. This update fixes a zero-day threat (tracked as CVE-2022-0609) as well as a number of high-severity vulnerabilities.
In a security advisory released on Feb-14-2022, Google said, "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild." However, details of the bugs and attacks will not be revealed until a majority of users are updated with a fix.
The details of the vulnerabilities fixed are as follows:
CVE ID | Vulnerability | Severity |
CVE-2022-0603 | Use after free in File Manager | High |
CVE-2022-0604 | Heap buffer overflow in Tab Groups | High |
CVE-2022-0605 | Use after free in Webstore API | High |
CVE-2022-0606 | Use after free in ANGLE | High |
CVE-2022-0607 | Use after free in GPU | High |
CVE-2022-0608 | Integer overflow in Mojo | High |
CVE-2022-0609 | Use after free in Animation | High |
CVE-2022-0610 | Inappropriate implementation in Gamepad API | Medium |
To install this update on your Windows/Mac machines, initiate a sync between the Central Patch Repository and the Desktop Central / Patch Manager Plus / Vulnerability Manager Plus server. Once the sync is complete, search for the following Patch IDs or Bulletin ID and deploy them to your target systems.
Patch ID | Bulletin ID | Patch Description |
323588 | TU-017 | Google Chrome (x64) (98.0.4758.102) |
323587 | TU-017 | Google Chrome (98.0.4758.102) |
603616 | MAC-012 | Google Chrome For Mac 98.0.4758.102 |
Cheers,
The ManageEngine Team