Security Alert: Urgent Google Chrome/Microsoft Edge Patch
Date:
2024-01-17 18:21:00
Status:
Closed
Brief Description:
A critical zero-day vulnerability in Google Chrome and Microsoft Edge may lead to sensitive information disclosure. Google states this vulnerability is being actively exploited. Patch now.
Current Status:
Microsoft has released Microsoft Edge 120.0.2210.144 to mitigate this vulnerability. This alert has been updated with details on updating Microsoft Edge.
Services Affected:
Certified Desktop
Full Description:
A critical zero-day vulnerability in Google Chrome and Microsoft Edge may lead to sensitive information disclosure. The vulnerability is an out of bounds memory access vulnerability in the V8 JavaScript engine. Google states this vulnerability is being actively exploited. Patch now.
For Google Chrome:
To check if your browser is updated, navigate to Settings > Help > About Google Chrome or chrome://settings/help in the address bar. If your Chrome browser is listed as 120.0.6099.224 or higher, you are protected.
For Microsoft Edge:
To check if your browser is updated, navigate to Menu > Help and Feedback > About Microsoft Edge, or edge://settings/help in the address bar. If your Edge browser is listed as 120.0.2210.144 or higher, you are protected.
Users should apply the following updates:
• Google Chrome: 120.0.6099.224 or higher
• Microsoft Edge: 120.0.2210.144 or higher.
Certified Desktop customers:
• Windows: Patches will automatically be installed via SecTeer VulnDetect.
• macOS: A patch for Google Chrome will be available today, Wednesday, January 17 with a deadline of approximately 4:00 pm on Thursday, January 18.
Users who do not have a managed computer and macOS Microsoft Edge users should check for updates and install them.
References:
Google Chrome Releases: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
BleepingComputer: https://www.bleepingcomputer.com/news/security/google-fixes-first-actively-exploited-chrome-zero-day-of-2024/
For Google Chrome:
To check if your browser is updated, navigate to Settings > Help > About Google Chrome or chrome://settings/help in the address bar. If your Chrome browser is listed as 120.0.6099.224 or higher, you are protected.
For Microsoft Edge:
To check if your browser is updated, navigate to Menu > Help and Feedback > About Microsoft Edge, or edge://settings/help in the address bar. If your Edge browser is listed as 120.0.2210.144 or higher, you are protected.
Users should apply the following updates:
• Google Chrome: 120.0.6099.224 or higher
• Microsoft Edge: 120.0.2210.144 or higher.
Certified Desktop customers:
• Windows: Patches will automatically be installed via SecTeer VulnDetect.
• macOS: A patch for Google Chrome will be available today, Wednesday, January 17 with a deadline of approximately 4:00 pm on Thursday, January 18.
Users who do not have a managed computer and macOS Microsoft Edge users should check for updates and install them.
References:
Google Chrome Releases: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
BleepingComputer: https://www.bleepingcomputer.com/news/security/google-fixes-first-actively-exploited-chrome-zero-day-of-2024/
CIT TDX ID: