Google Issues Emergency Chrome Update After Discovering Hackers Exploiting Zero Day Vulnerability

Hacked Google Chrome Browser Update Overview: 

• Who: Google has issued an emergency update for its Chrome browser.
• Why: The company revealed that it discovered hackers have been taking advantage of a High-level Zero Day vulnerability.
• Where: The Chrome browser update affects users worldwide.

Google issued an emergency update for its Chrome browser last week after confirming it was being exploited by hackers. 

The company revealed on Feb. 14 that hackers have been taking advantage of a High-level Zero Day vulnerability that is found within all Chrome browsers. The zero day vulnerability is the first discovered this year, reports Forbes. 

In addition, Google acknowledged discovering six other High level threats within its browser, affecting all operating systems. 

Google, which issued 11 security fixes in total, says it is rolling out an updated Chrome for Windows, Mac, and Linux within the coming days and weeks, which will be known as version 98.04758.102.

Users can check to see if they have the most up-to-date Chrome by navigating through their settings. A restart of Chrome will be required before any update changes are able to go into effect. 

Chrome currently has around 3.2 billion users worldwide, reports Forbes, making it a top target for hackers looking to exploit vulnerable data. 

The zero day hack is a “Use-After-Free” exploit — the most common used against Chrome — which was tracked as CVE-2022-0609 and found in its Animation component. 

“Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” according to its security update,” the company said. 

Among the other High level threats Google reported was a Heap buffer overflow attack, which involves overwriting data structures within memory. 

First Zero-Day Vulnerability Discovered Since December 2021

The last time Google dealt with a zero-day vulnerability was in December when it was among five security flaws the company announced it had fixed. 

In that case, the zero day vulnerability was another use-after-free flaw, which was found in Chrome’s open-source V8 Javascript engine.

That zero day vulnerability brought the total to 17 for last year for Google’s Chrome browser, which included two high-level bug fixes in October and a separate use-after-free vulnerability discovered in June, reports Duo. 

Google Chrome has also been in the news recently due to class action litigation surrounding the web browser.

In December, Google asked a federal judge to dismiss a class action lawsuit claiming the company collected the data of Chrome users without their consent. 

Google argued Chrome users gave consent to have their data collected when they signed an account-holder agreement before beginning to use the web browser.

Further, Google claimed Chrome users consented once again when they signed a privacy policy. 

In June 2020, meanwhile, three Chrome users filed a class action lawsuit against Google, claiming the company was improperly collecting their data while they used the browser’s private mode. 

Users argued that having their data collected while they were in what is known as “incognito mode” was a violation of their privacy and in violation of federal wiretap laws.

Further, users claimed Google was tricking its users into thinking they had control over how much of their data was being shared with it and other third parties. 

Read About More Class Action Lawsuits & Class Action Settlements:

• Google Class Actions Claim Company Tracked, Stored Users’ Location Data After They Disabled Function
• Facebook, Now ‘Meta,’ Accused of Exploiting Children in Lawsuit Lodged by Ohio AG
• Google Asks Judge To Dismiss Majority Of Class Action Claims
• Investors File Class Action Lawsuit Against Meta After Research Shows Instagram Harms Mental Health of Teenagers