Security update released for Google Chrome
A zero-day vulnerability has been found in Google Chrome. This means a security bug existed with no patch available, leaving systems open to cyber attacks. Use this guidance to learn more about the vulnerability, if you’re affected, and what you need to do.
About this vulnerability
Cyber criminals can exploit this flaw to crash browsers but is more commonly used to be able to execute code on the victim’s machine.
In practice, this would mean any device which has the Google Chrome browser may be susceptible to this type of attack.
A type-confusion attack confuses the Java system about the data it is manipulating, allowing for malicious actors to bypass typing rules within Chrome and execute their own code.
What is affected?
If you use the browser on Windows, Mac, or Linux, you may be impacted by this vulnerability:
- Google Chrome versions before 107.0.5304.87.
What you need to do
The vendors of the above applications have released security patches to address this vulnerability:
- 107.0.5304.87 for Mac and Linux.
- 107.0.5304.87/.88 for Windows.
We have alerted those in an IT support role at the University who may have already been in touch.
If you own a device which uses one of the browsers listed above, please update them as soon as possible.
If your device was bought through your school, please discuss this with your Computing Officer.