The latest Chrome update, version 98.0.4758.102, is rolling out to Windows, Mac, and Linux users and addresses several critical security vulnerabilities.
Google Chrome update released to address second zero-day attack
Google's update log lists 11 different security fixes being implemented in the new update, eight of which are considered high-level risks. Several of these are use-after-free (UAF) bugs, in which a program continues to use memory after it has been freed, and which an attacker can exploit to corrupt data or execute code without the user's knowledge.
Of particular note is the bug designated as CVE-2022-0609, which reportedly allows UAF in Animation, which Google says has been exploited before. This means it has been used for malicious purposes more than once, and details of how to use the exploit have likely been spread to other potential bad actors. According to Google, none of the other bugs on the list appear to have been exploited so far.
Additional details about the security exploits addressed in the new update are being kept under wraps for now. Google states that it is doing this intentionally "until the majority of users have been updated with a fix." This is presumably a way to prevent potential attackers from figuring out how to use these exploits and to reduce their attack window (i.e., once there are fewer users at risk).