  • Google reported their first 2022 zero-day vulnerability (CVE-2022-0609) in Chromium that threat actors are currently exploiting in the wild.
  • This vulnerability affects all Chromium users, regardless of which OS is running. It includes browsers like Chrome and Microsoft Edge (as well as other Chromium-based browsers).
  • Here is a link to our Power BI report to get a list of devices to take action against.

What happened?

Researchers Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group (TAG) reported Chromium’s first 2022 zero-day exploit in the wild on February 15, 2022. Google hasn’t gone into any more detail about the bug. Access to bug details and links is usually restricted until the majority of users are updated with a fix.

This flaw is a high-severity use-after-free vulnerability in the Animation component of Chrome. Not much else is currently known about the bug.

This vulnerability affects all Chromium-based browser users, regardless of which OS is running. Chromium-based browsers include Google Chrome and Microsoft Edge, among others.

What does it mean for you?

CVE-2022-0609 can be exploited for data corruption and/or execution of arbitrary code on vulnerable systems.

Here are more details about use-after-free exploits from MITRE.

What should you do?

The recommendation is to immediately update browsers with this vulnerability. For larger enterprises, this means figuring out:

  1. Which machines are vulnerable
  2. How to get all the updates done

Device42’s trusted discovery can help with the first step. You can access our Power BI report for Chromium (Chrome and Edge) here to quickly figure out the vulnerabilities in your environment.

If you don’t have access to Power BI, here is the link to DOQL you can use to pull up this report directly from Device42.
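For teams working from a plain software-inventory export, the first step can be scripted as below. This is an added example, not Device42's report or DOQL; the CSV column names, sample rows and baseline versions are constructed placeholders, and the real fixed build for each browser must come from its vendor's release notes.

```python
import csv
import io

# Constructed placeholder baselines, NOT the real fixed builds: take the
# patched version of each browser from its vendor's release notes.
PATCHED_BASELINES = {"google chrome": "98.0.1000.100",
                     "microsoft edge": "98.0.2000.50"}

# Constructed sample inventory export; the column names are assumptions.
SAMPLE_INVENTORY = """hostname,os,software,version
ws-001,Windows 10,Google Chrome,98.0.1000.80
ws-002,macOS 12,Google Chrome,98.0.1000.100
srv-010,Ubuntu 20.04,Google Chrome,97.0.1000.99
ws-003,Windows 11,Microsoft Edge,98.0.2000.43
ws-004,Windows 10,Microsoft Edge,99.0.1.1
ws-005,Windows 10,Google Chrome,unknown
ws-006,Windows 10,Mozilla Firefox,97.0
"""

def parse_version(text):
    """Return a four-part Chromium-style version as a tuple of ints, else None."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv, baselines):
    """Return (installs below the baseline, hosts whose version is unreadable)."""
    needs_update, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        baseline = baselines.get(row["software"].strip().lower())
        if baseline is None:
            continue  # not a Chromium-based browser we track
        installed = parse_version(row["version"])
        if installed is None:
            unknown.append(row["hostname"])  # cannot prove it is patched
        elif installed < parse_version(baseline):  # numeric, not string, compare
            needs_update.append((row["hostname"], row["os"], row["version"]))
    return needs_update, unknown

if __name__ == "__main__":
    outdated, unverified = triage(SAMPLE_INVENTORY, PATCHED_BASELINES)
    print("update:", outdated)
    print("verify:", unverified)
```

Hosts with an unreadable version are reported separately so they are checked by hand rather than assumed patched.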

Resource: How Device42 Helps You Remediate the Chromium Use-After-Free Zero-Day Exploit
