Guess who? Anyways, last night Google issued an emergency patch for a zero-day Chrome exploit that’s already been actively exploited in the wild. From the AX blog: “On Monday evening, Google released an emergency Chrome update to patch an actively-exploited zero-day, along with ten other security fixes in Chrome 98.0.4758.102.
The zero-day, CVE-2022-0609, is a high severity use-after-free vulnerability in Animation, which is pretty much all that is known right now. We can expect more details to come as the patch rolls out to all Chrome users in the next few weeks...If you use Automox, Chrome patching is natively supported for Windows, macOS, and Linux systems.”
A ‘Patch All’ policy will help ensure that your endpoints are covered, but you could also create a policy exclusively for Chrome by following the steps listed in Peter’s article: https://www.automox.com/blog/google-issues-emergency-chrome-patch-for-actively-exploited-zero-day