TL;DR (Too long; didn’t read)
- Google reported their first 2022 zero-day vulnerability (CVE-2022-0609) in Chromium that threat actors are currently exploiting in the wild.
- This vulnerability affects all Chromium users, regardless of operating system. That includes Chrome, Microsoft Edge, and other Chromium-based browsers.
- Here is a link to our Power BI report to get a list of devices to take action against.
Researchers Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group (TAG) reported Chromium’s first 2022 zero-day exploit in the wild on February 15, 2022. Google hasn’t gone into any more detail about the bug. Access to bug details and links is usually restricted until the majority of users are updated with a fix.
This flaw is a high-severity use-after-free vulnerability in the Animation component of Chrome. Not much else is currently known about the bug.
This vulnerability affects all Chromium-based browser users, regardless of which OS is running. Chromium-based browsers include Google Chrome and Microsoft Edge, among others.
What does it mean for you?
CVE-2022-0609 can be exploited for data corruption and/or execution of arbitrary code on vulnerable systems.
Here are more details about use-after-free exploits from MITRE.
What should you do?
The recommendation is to immediately update browsers with this vulnerability. For larger enterprises, this means figuring out:
- Which machines are vulnerable
- How to get all the updates done
Device42’s trusted discovery can help with the first step. You can access our Power BI report for Chromium (Chrome and Edge) here to quickly identify the vulnerable devices in your environment.
If you don’t have access to Power BI, here is a link to the DOQL query you can use to pull up this report directly from Device42.