Threat Intelligence Alert 15.02.22 - Critical Google Chrome 0-day Exploited in the Wild.txt

Threat Intelligence Alert: Critical Google Chrome 0-day Exploited in the Wild

Key Details

CVE-2022-0609

Affected Products – Google Chrome 98.0.4758.102

Disclosure Date – 14th February 2022

CVSS Score – 9.8/10

Exploit Released - Yes

Patch Available – Yes

Summary
On the 14th of February Google released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. The zero-day bug being tracked as CVE-2022-0609 has been assigned a high severity CVSS score and is described as a "Use-after-free in Animation". 
This type of bug is commonly exploited by attackers to execute arbitrary code on computers running unpatched Chrome versions or escape the browser's security sandbox. Crucially, as this zero-day is known to have been used by attackers in the wild, it is highly recommended that users install Google Chromes update as soon as possible.
 
Mitigation
Chrome users are recommended to update to the latest versions 98.0.4758.102 for Windows, Mac, and Linux to mitigate any potential threats. Google reports that the Chrome update will be released over the coming weeks, however, in the meantime it is possible to install the update simply by going into - Chrome menu > Help > About Google Chrome. The browser will verify for new updates and install them when you close and relaunch Chrome.
 
NCC Group Actions
NCC Group will continue to track this vulnerability and will update this alert with any critical developments and any emerging IoC’s will be identified and added to our Threat Intelligence Platform for monitoring.

Sources
https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-zero-day-exploited-in-attacks/
https://thehackernews.com/2022/02/new-chrome-0-day-bug-under-active.html
https://www.tenable.com/plugins/nessus/158051