CVE-2022-0609

Description

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

How to fix CVE-2022-0609

To remediate CVE-2022-0609, upgrade the affected package to a fixed version below.

• Debian/chromium—upgrade to 98.0.4758.102-1~deb11u1 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later
• —upgrade to 98.1.210 or later

Is CVE-2022-0609 being exploited?

Yes — CVE-2022-0609 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (10)

• from 0, < 98.0.4758.102-1~deb11u1
• from 0, < 98.1.210
• from 0, < 98.1.210
• from 0, < 98.1.210
• from 0, < 98.1.210
• from 0, < 98.1.210
• from 0, < 98.1.210
• from 0, < 98.1.210
• from 0, < 98.1.210
• from 0, < 98.1.210

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0609
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-0609
• PATCHgithub.com/cefsharp/CefSharp
• WEBchromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
• WEB