Security Alert: New Urgent Google Chrome/Microsoft Edge Patch
Date:
2023-04-20 15:00:00
Status:
Closed
Brief Description:
A zero-day vulnerability in Google Chrome and Microsoft Edge may lead to arbitrary code execution. Google states this vulnerability is being actively exploited. This supersedes a prior alert from Monday, 4/17/2023. Patch now.
Current Status:
N/A
Services Affected:
Certified Desktop
Full Description:
A zero-day vulnerability in Google Chrome and Microsoft Edge may lead to arbitrary code execution. Google states this vulnerability is being actively exploited. This supersedes a prior alert from Monday, 4/17/2023. Patch now.
The vulnerability is an integer overflow vulnerability in Skia, a graphics library used by Chromium browsers for rendering graphics and text.
For Google Chrome:
To check if your browser is updated, navigate to Settings > Help > About Google Chrome or chrome://settings/help in the address bar. If your Chrome browser is listed as 112.0.5615.137 or higher, you are protected.
For Microsoft Edge:
Microsoft has released an update, but notes the fix only applies to non-Windows operating systems (macOS, Linux, and Android).
To check if your browser is updated, navigate to Menu > Help and Feedback > About Microsoft Edge, or edge://settings/help in the address bar. If your Edge browser is listed as 112.0.1722.54 or higher, you are protected.
Users should apply the following updates:
• Google Chrome 112.0.5615.137 or higher
• Microsoft Edge 112.0.1722.54 or higher (macOS, Linux, and Android only)
Certified Desktop customers:
• Windows: A patch for Google Chrome will be available today, Thursday, April 20, with an install deadline of 4:00 pm on Friday, April 21.
• macOS: A patch for Google Chrome will be available today, Thursday, April 20, with an install deadline of 4:00 pm on Friday, April 21.
Users who do not have a managed computer and macOS/Linux Microsoft Edge users should check for updates and install them.
References:
Google Chrome Releases: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Bleeping Computer: https://www.bleepingcomputer.com/news/security/google-patches-another-actively-exploited-chrome-zero-day/
The vulnerability is an integer overflow vulnerability in Skia, a graphics library used by Chromium browsers for rendering graphics and text.
For Google Chrome:
To check if your browser is updated, navigate to Settings > Help > About Google Chrome or chrome://settings/help in the address bar. If your Chrome browser is listed as 112.0.5615.137 or higher, you are protected.
For Microsoft Edge:
Microsoft has released an update, but notes the fix only applies to non-Windows operating systems (macOS, Linux, and Android).
To check if your browser is updated, navigate to Menu > Help and Feedback > About Microsoft Edge, or edge://settings/help in the address bar. If your Edge browser is listed as 112.0.1722.54 or higher, you are protected.
Users should apply the following updates:
• Google Chrome 112.0.5615.137 or higher
• Microsoft Edge 112.0.1722.54 or higher (macOS, Linux, and Android only)
Certified Desktop customers:
• Windows: A patch for Google Chrome will be available today, Thursday, April 20, with an install deadline of 4:00 pm on Friday, April 21.
• macOS: A patch for Google Chrome will be available today, Thursday, April 20, with an install deadline of 4:00 pm on Friday, April 21.
Users who do not have a managed computer and macOS/Linux Microsoft Edge users should check for updates and install them.
References:
Google Chrome Releases: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Bleeping Computer: https://www.bleepingcomputer.com/news/security/google-patches-another-actively-exploited-chrome-zero-day/
CIT TDX ID: