Wednesday, August 17, 2022

Google Issues Warning To Millions Of Chrome Users


Google issued an emergency update to all Chrome users (Windows, macOS, Linux, etc.) on Tuesday, February 15. Here’s everything you need to know.

The tech giant confirmed the news in an official blog post, stating that a new High-level Zero Day vulnerability (CVE-2022-0609) has been found in all Chrome browsers and is being openly exploited by hackers.

Google also stated that a further six High-level threats have been discovered in the browser, which impact every operating system.

Google is currently restricting information about the new exploits, so this is all the information currently available:

  • High – CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22
  • High – CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24
  • High – CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13
  • High – CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17
  • High – CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17
  • High – CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
  • High – CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10
  • Medium – CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08

Predictably, the zero day hack is a ‘Use-After-Free’ (UAF) exploit, and UAF attacks remain by far the most common and successful type of Chrome hack.

Not only do UAF exploits account for five of the eight hacks listed here, but they also bring the total number of successful Chrome UAF attacks to 26 since the beginning of the year. On the other hand, this is the first successful Chrome Zero Day hack in 2022, which is noteworthy.

UAF vulnerabilities are memory-safety flaws that occur when a program fails to clear a pointer to memory after that memory has been freed, and the stale pointer is later used.

Heap buffer overflow attacks, also known as ‘Heap Smashing,’ which are responsible for another of the successful attacks reported by Chrome, are a distant second. Memory on the heap is dynamically allocated and typically contains program data. Critical data structures can be overwritten by an overflow, making it an ideal target for hackers.

What Must You Do?

Google has released Chrome 98.0.4758.102 in response to these hacks. Google warns that the update “will roll out over the next few days/weeks,” so you may not be able to protect yourself right away.

To check if your browser is updated, navigate to Settings > Help > About Google Chrome. If your Chrome browser is listed as 98.0.4758.102 or higher, you are protected. If the update is not yet available for your browser, check back regularly. Zero Day hacks are the most dangerous kind of security exploit. 

And remember, after updating, Chrome must be restarted for the fixes to take effect. Chrome is now used by 3.2 billion users worldwide on desktop and mobile, making it arguably the number one target for hackers. Those who forget to restart become easy targets.
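For anyone checking more than one machine, the two points above (the 98.0.4758.102 threshold and the need to restart) can be turned into a small triage script. This is an added example, not code from Google or from the original article; the inventory layout, the host names and every version other than 98.0.4758.102 are constructed sample values, and how the installed and running versions are collected is left as an assumption.

```python
import re

# Fixed build named in the article above.
FIXED = (98, 0, 4758, 102)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in `text` as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(installed_text, running_text=None):
    """Classify one host from its installed and (optional) running Chrome version."""
    installed = parse_version(installed_text)
    if installed is None:
        return "unknown"
    if installed < FIXED:            # numeric, component-wise comparison
        return "vulnerable"
    if running_text is None:         # browser not running: no old code in memory
        return "patched"
    running = parse_version(running_text)
    if running is None:
        return "unknown"
    # Update is on disk, but an older process keeps running until restart.
    return "patched" if running >= FIXED else "restart_pending"


# Constructed inventory: (host, installed version output, running process version).
# Host names and every version except 98.0.4758.102 are made-up sample values.
INVENTORY = [
    ("ws-001", "Google Chrome 98.0.4758.102", "98.0.4758.102"),
    ("ws-002", "Google Chrome 98.0.4758.9", "98.0.4758.9"),
    ("ws-003", "Google Chrome 98.0.4758.102", "98.0.4758.9"),
    ("ws-004", "Google Chrome 100.0.0.0", None),
    ("ws-005", "chrome: command not found", None),
]


def report(inventory):
    """Map each host to its status."""
    return {host: classify(inst, run) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as tuples of integers because a plain string comparison would rank "98.0.4758.9" above "98.0.4758.102".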

Go update now!

