Chrome releases update for zero-day vulnerability
Google have released an update for Chrome revealing another zero-day vulnerability. This follows a similar issue announced last month. A zero-day vulnerability is a security bug that existed with no patch available, leaving systems open to cyber-attacks.
Use this guidance to learn more about the vulnerability, whether you’re affected, and what you need to do.
About this vulnerability
Like the previous month’s vulnerability, cyber criminals can exploit this flaw to crash browsers, though it’s more often used to execute code on the victim’s machine.
Any device with Google Chrome, or browsers like Microsoft Edge or Opera, may be susceptible to this type of attack.
A type-confusion attack confuses the Java system about the data it is manipulating, allowing malicious actors to bypass typing rules within the browser and execute their own code.
What is affected?
If you use one of the following Chrome versions on Windows, Mac, or Linux, this vulnerability may impact you:
- Google Chrome versions before 100.0.4896.127.
- Microsoft Edge versions before 100.0.1185.44.
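For anyone checking several machines against the versions listed above, the following is an added example and not part of the original guidance. It assumes each inventory line has the form "<product> <version>"; the sample lines and the function names are constructed for illustration.

```python
import re

# Fixed versions taken from the list above.
PATCHED = {
    "Google Chrome": "100.0.4896.127",
    "Microsoft Edge": "100.0.1185.44",
}

# Product name, whitespace, then a four-part dotted version number.
VERSION_RE = re.compile(r"^(?P<name>.+?)\s+(?P<version>\d+(?:\.\d+){3})\b")


def parse_version(text):
    """Turn '100.0.4896.127' into (100, 0, 4896, 127) for numeric comparison."""
    return tuple(int(part) for part in text.split("."))


def check(banner):
    """Classify one inventory line as 'patched', 'vulnerable' or 'unknown'."""
    match = VERSION_RE.match(banner.strip())
    if not match or match.group("name") not in PATCHED:
        # No fixed version is listed above for this product, so do not guess.
        return "unknown"
    installed = parse_version(match.group("version"))
    fixed = parse_version(PATCHED[match.group("name")])
    # Tuples compare field by field, so 88 < 127 and 99 < 100 as intended;
    # comparing the raw strings would get both of those wrong.
    return "patched" if installed >= fixed else "vulnerable"


def report(lines):
    """Return (line, status) pairs for every inventory line."""
    return [(line, check(line)) for line in lines]


# Constructed sample inventory, not collected from real machines.
SAMPLE_INVENTORY = [
    "Google Chrome 100.0.4896.127",
    "Google Chrome 100.0.4896.88",
    "Google Chrome 99.0.4844.84",
    "Microsoft Edge 100.0.1185.39",
    "Opera 85.0.4341.60",
]

if __name__ == "__main__":
    for line, status in report(SAMPLE_INVENTORY):
        print(f"{status:10} {line}")
```

A line reported as "unknown" needs a manual check against that browser vendor's own release notes.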
What you need to do
The vendors of these applications have released security patches to address this vulnerability. We have alerted those in an IT support role at the University. They may have already been in touch.
If you own a device which uses one of the browsers listed above, update the browser as soon as possible.
You should connect to the VPN so your device can install the relevant patches and remain safe. For staff coming back to the office, or students on campus who have not booted up their machines in a while, this is especially relevant.
If your device was bought through your school, please discuss this with your Computing Officer.
If you use a University-managed device, we will update it automatically and no action is needed.