Google has released an emergency security update for Chrome to address eight newly discovered vulnerabilities. One of these is a zero-day flaw, tracked as CVE-2022-0609, that attackers are already exploiting in real-world scenarios. To stay protected, users should update to Chrome version 98.0.4758.102. This version is being rolled out through the stable channel and is designed to close the security gaps identified by Google’s security team and external researchers. The update is particularly important because Chrome is used by an estimated 3.2 billion people worldwide, which makes it a frequent target for attackers. Applying this update helps organizations and individuals reduce the risk of compromise through the browser.

CVE-2022-0609 is a high-severity remote code execution vulnerability in Google Chrome. It’s described as a “use after free in animation,” which refers to a memory handling issue that can be abused by an attacker to run arbitrary code on a target machine. Key points: - Severity: Rated high. - Type: Remote code execution (RCE). - Status: Actively exploited in the wild at the time of the update. Because attackers are already using this vulnerability, it moves from a theoretical risk to a practical one. If a user visits a malicious or compromised website, an attacker could potentially leverage this flaw to execute code, which may lead to data theft, malware installation, or further lateral movement inside a network. Google has intentionally limited the technical details for now. This is a common practice: they hold back deeper information until a majority of users have updated, which helps reduce the window of opportunity for attackers to copy or refine the exploit.

To update Chrome and confirm you’re protected, follow these steps: 1. Open Chrome. 2. Go to the menu (three dots in the upper-right corner). 3. Select **Help** > **About Google Chrome**. 4. Chrome will automatically check for updates and start downloading version 98.0.4758.102 if it’s available for your device. 5. Once the download completes, click **Relaunch** (or close and reopen Chrome) so the update is fully applied. Important details: - The update is rolling out over several days and weeks, so some users may not see it immediately. - The update is not active until you restart the browser. If you don’t relaunch Chrome, you remain exposed to the vulnerabilities, including CVE-2022-0609. After restarting, revisit **Help > About Google Chrome** and confirm that the version number shows **98.0.4758.102** or later. At that point, your browser includes fixes for: - CVE-2022-0609 (zero-day, use after free in animation, high). - CVE-2022-0603 (use after free in File Manager, high). - CVE-2022-0604 (heap buffer overflow in Tab Groups, high). - CVE-2022-0605 (use after free in Webstore API, high). - CVE-2022-0606 (use after free in ANGLE, high). - CVE-2022-0607 (use after free in GPU, high). - CVE-2022-0608 (integer overflow in Mojo, high). - CVE-2022-0610 (inappropriate implementation in Gamepad API, medium). For business environments, encouraging employees to run this update promptly helps reshape your browser security posture and reduce exposure across the organization.