Zero-day vulnerability for Chrome and Edge users

Lewis Goor
Monday 28 March 2022

A zero-day vulnerability has been found in Google Chrome and Microsoft Edge browsers. This means a security bug existed with no patch available, leaving systems open to cyber attacks. Use this guidance to learn more about the vulnerability, if you’re affected, and what you need to do.

About this vulnerability

Cyber criminals can exploit this flaw to crash browsers, but it is more commonly used to execute code on the victim’s machine.

In practice, this means any device which has either Google Chrome or Microsoft Edge installed may be susceptible to this type of attack.

A type-confusion attack confuses the Java system about the data it is manipulating, allowing malicious actors to bypass typing rules within Chrome and execute their own code.

What is affected?

If you use one of the following applications on Windows, Mac, or Linux, you may be impacted by this vulnerability:

  • Google Chrome versions before 99.0.4844.84.
  • Microsoft Edge versions before 99.0.1150.55.
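For anyone checking several machines, the following added example (not part of the original guidance) compares reported browser versions against the two fixed versions listed above. The input line format, the function names and the sample lines are assumptions made for illustration; the comparison is numeric per component because comparing version strings as text gives wrong answers.

```python
import re

# Fixed versions taken from the list above.
FIXED = {
    "chrome": (99, 0, 4844, 84),
    "edge": (99, 0, 1150, 55),
}

# Assumed input format: product name followed by a four-part version,
# as printed by the browsers' --version option or an inventory export.
PRODUCT_PATTERNS = {
    "chrome": re.compile(r"Google Chrome\s+(\d+(?:\.\d+){3})"),
    "edge": re.compile(r"Microsoft Edge\s+(\d+(?:\.\d+){3})"),
}


def parse_version(text):
    """Turn '99.0.4844.84' into (99, 0, 4844, 84) so comparison is numeric."""
    return tuple(int(part) for part in text.split("."))


def check_line(line):
    """Return (product, version, status) for one line, or None if unrecognised."""
    for product, pattern in PRODUCT_PATTERNS.items():
        match = pattern.search(line)
        if match:
            version = parse_version(match.group(1))
            status = "vulnerable" if version < FIXED[product] else "patched"
            return product, match.group(1), status
    return None


def audit(lines):
    """Check every line; unrecognised lines are flagged, not silently skipped."""
    return [check_line(line) or ("unknown", line.strip(), "needs manual check")
            for line in lines]


# Constructed sample input, not real inventory data.
SAMPLE = [
    "Google Chrome 99.0.4844.82",
    "Google Chrome 99.0.4844.84",
    "Google Chrome 100.0.0.1",      # text comparison would rank this below 99.x
    "Microsoft Edge 99.0.1150.9",   # text comparison would rank .9 above .55
    "Microsoft Edge 99.0.1150.55",
    "Google Chrome (version not reported)",
]

if __name__ == "__main__":
    for product, version, status in audit(SAMPLE):
        print(f"{product:8} {version:38} {status}")
```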

What you need to do

The vendors of the above applications have released security patches to address this vulnerability. We have alerted those in an IT support role at the University who may have already been in touch.

If you own a device which uses one of the browsers listed above, please update it as soon as possible.

If your device was bought through your school, please discuss this with your Computing Officer.

If you use a University-managed device, we will update it automatically and no action is needed.
