Skip to main content

Security Alert: Urgent Google Chrome/Microsoft Edge Patch

Date:
2022-12-02 22:00:00
Status:
Closed
Brief Description:
A zero-day vulnerability in Google Chrome and Microsoft Edge may lead to arbitrary code execution or sensitive information disclosure. Google states this vulnerability is being actively exploited. This supersedes a prior alert from 11/28/2022. Patch now.
Current Status:
Microsoft has published Microsoft Edge 108.0.1462.42 to address this vulnerability.

For Microsoft Edge:
To check if your browser is updated, navigate to Menu > Help and Feedback > About Microsoft Edge, or edge://settings/help in the address bar. If your Edge browser is listed as 108.0.1462.42 or higher, you are protected.

Users should apply the following updates:
• Edge 108.0.1462.42 or higher

Certified Desktop customers:
• Windows: A patch for Microsoft Edge was made available earlier today, Tuesday, December 6, with an install deadline of 4:00pm the same day. Microsoft Edge will automatically update for most customers. This patch will address instances where automatic update has not yet occurred.

• macOS: Users of Microsoft Edge should manually check for updates and install them.

Microsoft Edge users who do not have a managed computer should check for updates and install them.

For more information refer to the references below.
Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Services Affected:
Certified Desktop
Full Description:
A zero-day vulnerability in Google Chrome and Microsoft Edge for Windows, macOS, and Linux may lead to arbitrary code execution or sensitive information disclosure. The vulnerability is a type confusion bug in the V8 JavaScript engine. Google states this vulnerability is being actively exploited. This supersedes a prior alert from 11/28/2022. Patch now.

For Google Chrome:
To check if your browser is updated, navigate to Settings > Help > About Google Chrome or chrome://settings/help in the address bar. If your Chrome browser is listed as 108.0.5359.94 or higher, you are protected.

Users should apply the following updates:
• Chrome 108.0.5359.94 or higher

Certified Desktop customers:
• Windows: A patch for Google Chrome will be available today, Friday, December 2, with an install deadline of 4:00 pm on Tuesday, December 6.

• macOS: A patch for Google Chrome will be available today, Friday, December 2 with an install deadline of 4:00 pm on Tuesday, December 6.

Users who do not have a managed computer should check for updates and install them.

For more information refer to the references below.

Chrome Releases: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Bleeping Computer: https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/
CIT TDX ID: