cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion

Chrome Zero-Day (CVE-2022-0609) Patch NOW!

Google's Threat Analysis Group discovered that two distinct North Korean government-backed attacker groups are exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609. These groups' activity has been publicly tracked as Operation Dream Job and Operation AppleJeus.This flaw is a high severity use-after-free vulnerability in the Animation component of Chrome. Not much else is currently known about the bug. A use-after-free (UAF) exploit refers to memory after it has been freed, which can cause a program to use unexpected values, corrupt valid data, crash, or execute code, according to MITRE.


Reference: Countering threats from North Korea

1 Reply
dcontesti
Community Champion

Great alert thanks.

 

Folks need to keep in mind that ALL Chromium based browsers affected - CHROME / EDGE / BRAVE / OPERA as well.

 

You should upgrade to versions (build) listed below:

 

Chrome: 99.0.4844.84
Brave: 99.0.4844.88
Edge: 99.0.1150.55
Opera: 85.0.4341.18

 

d