New Google Chrome Zero Day Weaponized

Google Chrome Zero-Day Is Being Weaponized

Google has released 98.0.4758.102 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS.  So far this year this is the first Google Zero Day version of the Chrome browser, on par with last year’s record cadence of 16 Weaponised versions throughout the year.  This vulnerability is being tracked under CVE-2022-0609 and are both Critical Severity.

A remote attacker can create a specially-crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges.  The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Recent Posts

Topics

Related Posts

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 9, 2024
Automating Patch and Vulnerability Management for Compliance Success

Automating Patch and Vulnerability Management for Compliance Success

March 21, 2024
March 2024 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical Threats and 2 with CVSS Score of 9.0 or Above

March 2024 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical Threats and 2 with CVSS Score of 9.0 or Above

March 12, 2024
Third-Party Patching: Don’t Be a Sitting Duck

Third-Party Patching: Don’t Be a Sitting Duck

February 14, 2024