On Monday evening, Google released an emergency Chrome update to patch an actively exploited zero-day, along with ten other security fixes in Chrome 98.0.4758.102.
The zero-day, CVE-2022-0609, is a high-severity use-after-free vulnerability in Animation, which is pretty much all that is known right now. We can expect more details to come as the patch rolls out to all Chrome users in the next few weeks.
This is the first zero-day of the year for Chrome, after a clip of more than one per month (16 total) in 2021. We can certainly expect more to come in 2022, as Chrome has become a popular target for exploitation due to its wide adoption at both work and home.
Recommended Remediation
Google has acknowledged that exploits have taken place in the wild, so we recommend prioritizing patching (to 98.0.4758.102) as soon as possible, and setting up automated patching for Chrome and other ubiquitous software to reduce your overall risk.
If you use Automox, Chrome patching is natively supported for Windows, macOS, and Linux systems. A ‘Patch All’ policy will ensure you’re covered, but you can also create a policy exclusively for Chrome by following these steps:
Once you create the policy, you can run it manually from the Policy menu to instantly remediate. We also recommend setting up a recurring schedule in the policy so that you stay covered as Chrome rolls the update out to devices and as future patches are released.
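To confirm that endpoints actually reached the fixed build after the policy runs, the version each host reports can be compared against 98.0.4758.102. The following is an added example, not code from Automox or Google; the inventory format (`host,version string`), the host names and the sample versions are constructed for illustration. It compares versions as integer tuples, because a plain string comparison ranks 98.0.4758.80 above 98.0.4758.102 and would hide a vulnerable host.

```python
import re

# Fixed build named in this post; anything older still carries CVE-2022-0609.
FIXED_BUILD = (98, 0, 4758, 102)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 98.0.4758.80'. Returns a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_patch(version_text, fixed=FIXED_BUILD):
    """True if the reported version is older than the fixed build.
    Unparseable or empty values also return True so they get investigated."""
    v = parse_chrome_version(version_text)
    return v is None or v < fixed


def audit(inventory_lines):
    """Read 'host,version string' lines; return (host, reported) pairs to fix."""
    flagged = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, reported = line.partition(",")
        if needs_patch(reported):
            flagged.append((host.strip(), reported.strip() or "unknown"))
    return flagged


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    "# host,reported version",
    "ws-001,Google Chrome 98.0.4758.102",
    "ws-002,Google Chrome 98.0.4758.80",
    "mac-014,Google Chrome 97.0.4692.99",
    "lnx-007,Google Chrome 99.0.4844.51",
    "ws-030,",
]

if __name__ == "__main__":
    target = ".".join(map(str, FIXED_BUILD))
    for host, reported in audit(SAMPLE_INVENTORY):
        print(f"{host}: needs update to {target} (reported: {reported})")
```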