PT-2022-1538 · Google+3 · Google Chrome+3

Adam Weidemann +1 · Published 2022-02-14 · Updated 2025-12-11 · CVE-2022-0609

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 98.0.4758.102

Description

The issue is a use-after-free vulnerability in the Animation component of Google Chrome. It allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability could lead to the execution of arbitrary code on affected systems and damage to data. At least two distinct groups of North Korean state-sponsored hackers exploited this vulnerability to launch cyberattacks on the fintech, IT, and media industries.

Recommendations

For Google Chrome versions prior to 98.0.4758.102, update to version 98.0.4758.102 or later to resolve the issue. As a temporary workaround, consider restricting access to the Animation component until a patch is applied. Avoid using the vulnerable Web Animations API until the issue is resolved.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1310
ALT-PU-2022-1323
ALT-PU-2022-1681
ALT-PU-2022-2055
BDU:2022-00743
CVE-2022-0609
DSA-5079-1
GHSA-VV6J-WW6X-54GX
OPENSUSE-SU-2022:0042-1
OPENSUSE-SU-2022:0077-1
OPENSUSE-SU-2022:0110-1
OPENSUSE-SU-2022_0077-1
OPENSUSE-SU-2022_0110-1
OPENSUSE-SU-2024:11849-1
OPENSUSE-SU-2024:11985-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse