Security News > 2022 > February > Chrome Zero-Day Under Active Attack: Patch ASAP

Chrome Zero-Day Under Active Attack: Patch ASAP
2022-02-15 18:33

Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that's actively being jumped on by attackers in the wild.

To fix the Animation problem, along with 10 other security issues, Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, due to roll out over coming days or weeks.

Chrome users can fix it straight away by going into the Chrome menu > Help > About Google Chrome.

Given that the zero day is under active attack, updating Chrome should be done ASAP. Credit for the Animation zero day goes to Adam Weidemann and Clément Lecigne, both from Google's Threat Analysis Group.

Finally, Google patched a medium-severity issue with inappropriate implementation in Gamepad API. This is Chrome's first zero day of the year, and more are sure to follow.

CVE-2021-21224 - April 20, an issue with type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.


News URL

https://threatpost.com/google-chrome-zero-day-under-attack/178428/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-26 CVE-2021-21224 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-843
8.8