Security Alert: Urgent Google Chrome/Microsoft Edge Patch
Date:
2023-09-12 17:56:00
Status:
Closed
Brief Description:
A critical zero-day vulnerability in Google Chrome and Microsoft Edge may lead to arbitrary code execution. Google states this vulnerability is being actively exploited. Patch now.
Current Status:
Following publication of additional critical zero-day vulnerabilities in other software, this alert has been closed and superseded by Security Alert #7046:"Urgent Security Updates for September 2023"
Services Affected:
Certified Desktop
Full Description:
A critical zero-day vulnerability in Google Chrome and Microsoft Edge may lead to arbitrary code execution. The vulnerability is a heap buffer overflow in the rendering of WebP-formatted images in the browser. Google states this vulnerability is being actively exploited. Patch now.
For Google Chrome:
To check if your browser is updated, navigate to Settings > Help > About Google Chrome or chrome://settings/help in the address bar. If your Chrome browser is listed as 116.0.5845.187 or higher, you are protected.
For Microsoft Edge:
Microsoft has not yet published an update for Microsoft Edge.
Users should apply the following updates:
• Google Chrome 116.0.5845.187 or higher
• Microsoft Edge – not yet available
Certified Desktop customers:
• Windows: A patch for Google Chrome will automatically be installed via SecTeer VulnDetect.
• macOS: A patch Google Chrome will be available today, Tuesday, September 12, with an install deadline of approximately 4:00 pm on Wednesday, September 13.
Users who do not have a managed computer and macOS Microsoft Edge users should check for updates and install them.
References:
Google Chrome Releases: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Bleeping Computer: https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
For Google Chrome:
To check if your browser is updated, navigate to Settings > Help > About Google Chrome or chrome://settings/help in the address bar. If your Chrome browser is listed as 116.0.5845.187 or higher, you are protected.
For Microsoft Edge:
Microsoft has not yet published an update for Microsoft Edge.
Users should apply the following updates:
• Google Chrome 116.0.5845.187 or higher
• Microsoft Edge – not yet available
Certified Desktop customers:
• Windows: A patch for Google Chrome will automatically be installed via SecTeer VulnDetect.
• macOS: A patch Google Chrome will be available today, Tuesday, September 12, with an install deadline of approximately 4:00 pm on Wednesday, September 13.
Users who do not have a managed computer and macOS Microsoft Edge users should check for updates and install them.
References:
Google Chrome Releases: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Bleeping Computer: https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
CIT TDX ID: