Update Chrome now to fix this urgent zero-day flaw
Exploit for high-severity browser vulnerability already in wild
Update: Make sure to update Chrome now to protect yourself against 30 vulnerabilities.
Chrome users, it's time to update your desktop browsers — if they haven't been updated already — to patch a zero-day flaw that could be exploited by hackers.
The vulnerability, given the catalog number CVE-2022-0609, involves "use after free in Animation," Google said in an update notification on the official Chrome blog yesterday (Feb. 14), adding that there are reports that "an exploit for CVE-2022-0609 exists in the wild."
Google didn't say who might have the exploit, whether they were using it or against whom, or how the exploit would work. But you have to assume the worst and act as if the flaw, described as being of high severity, is already being used in attacks.
Yesterday's update pushes Chrome to version 98.0.4758.102 on Windows, macOS and Linux. (Chrome mobile apps are updated separately.)
Chrome and its open-source parent Chromium seem to have several components related to animation, so we're not exactly sure which one is open to attack. But "use after free" indicates that the component isn't properly handling memory space after it's finished a task, continuing to refer to memory that has already been released, and that malware or human attackers might be able to grab that memory space and do bad things.
The vulnerability's discovery was credited to Adam Weidemann and Clément Lecigne from Google's own Threat Analysis Group. Details of the flaw have not yet been released.
Ten other Chrome flaws were patched, at least four of which also involve use-after-free bugs.
How to update Chrome and related browsers
Chrome will normally update itself automatically when you relaunch the browser on a Mac or PC. (If you're working on a company-owned machine, your IT department may decide when to install the update.) On Linux, you may have to run your distribution's general-purpose software updater or wait for an update bundle.
If the browser relaunch doesn't update Chrome, then you just need to click the three vertical dots at the top of the browser window, scroll down to and click Help, and then click About Google Chrome.
A new tab will open that will either begin the update process or inform you that you're already on the latest version of Chrome, which again in this case is 98.0.4758.102.
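For checking many machines rather than clicking through the menu on each one, the comparison against 98.0.4758.102 can be scripted. The following is an added example, not part of the original article; the banner format and the sample version strings are constructed assumptions, and it applies to Chrome desktop builds only.

```shell
#!/bin/sh
# Added example: flag Chrome desktop builds older than the fixed release.
FIXED_VERSION="98.0.4758.102"   # version named in the article

# Print the first four-part dotted version found in a banner such as
# "Google Chrome 98.0.4758.80" (what `google-chrome --version` prints on Linux).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed if version $1 >= version $2. Fields are compared as numbers,
# because a plain string comparison would rank ".9" above ".102".
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        split(have, h, "."); split(want, w, ".")
        for (i = 1; i <= 4; i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# Classify one banner: prints PATCHED, OUTDATED or UNKNOWN.
check_banner() {
    v=$(extract_version "$1") || true
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_at_least "$v" "$FIXED_VERSION"; then
        echo "PATCHED"
    else
        echo "OUTDATED"
    fi
}

# Constructed sample banners (not taken from real machines).
for banner in \
    "Google Chrome 98.0.4758.102" \
    "Google Chrome 98.0.4758.80" \
    "Google Chrome 97.0.4692.99" \
    "Google Chrome 100.0.4896.60" \
    "chrome: command not found"
do
    printf '%-10s %s\n' "$(check_banner "$banner")" "$banner"
done
```

An UNKNOWN result means no version could be read from the banner, so that machine needs a manual check rather than being counted as patched.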
Other Chromium-based browsers will also update themselves when you relaunch them. The manual update process for Microsoft Edge is identical to Chrome's, while Brave dispenses with the fly-out menu and puts "About Brave" right in the main Settings menu. However, neither had incorporated yesterday's updates at the time of this writing.
Opera and Vivaldi have slightly different manual-update processes that involve clicking the browser logo in the upper left corner, then clicking a dedicated updater option. We weren't able to see whether either had incorporated the latest version of Chromium.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.