Lucene search

K
hiveproHive ProHIVEPRO:1BF741505EB0E48023B5A5F80FE0F3EB
HistoryFeb 15, 2022 - 2:31 p.m.

First zero-day vulnerability of Google Chrome this year actively exploited in wild

2022-02-1514:31:12
Hive Pro
www.hivepro.com
86

0.041 Low

EPSS

Percentile

92.2%

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Google released a stable channel update for their Chrome browser that contains a zero-day vulnerability and is actively being exploited-in-wild. This is the first zero-day bug reported in Chrome browser this year. A Use-After-Free (UAF) vulnerability which has been assigned CVE-2022-0609 affects the Animation component that may allow attackers to corrupt data, crash program or execute arbitrary code on computers running unpatched Chrome versions or escape the browser's security sandbox. Successful exploitation of this issue may lead to data corruption, program crash or arbitrary code execution. In recent browser versions, a number of controls have been introduced that make exploitation of these use after free vulnerabilities much harder but despite this, they still seem to persist. In addition to the zero-day bug, this update fixed seven other security vulnerabilities as mentioned in the table below. We recommend organizations to update to Chrome 98.0.4758.102 for Windows, Mac and Linux to avoid exploitation and mitigate any potential threats. Potential MITRE ATT&CK TTPs are: TA0040 - Impact TA0001 - Initial Access TA0002 - Execution T1499- Endpoint Denial of Service T1189- Drive-by Compromise T1190- Exploit-public facing application T1203- Exploitation for Client Execution T1499.004- Endpoint Denial of Service: Application or System Exploitation Vulnerability Details Patch Link https://www.google.com/intl/en/chrome/?standalone=1 References https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html