Fix released for Google Chrome vulnerability

Lewis Goor
Tuesday 18 April 2023
A zero-day vulnerability has been found in Google Chrome. This means a security bug existed with no patch available, leaving systems open to cyber attacks. Use this guidance to learn more about the vulnerability, whether you’re affected, and what you need to do.

About this vulnerability

Cyber criminals can exploit this flaw to crash browsers, but it is more commonly used to execute code on the victim’s machine.

In practice, this would mean any device which has the Google Chrome browser may be susceptible to this type of attack.

A type-confusion attack confuses the JavaScript engine about the data it is manipulating, allowing malicious actors to bypass typing rules within Chrome and execute their own code. This is almost identical to a previous issue in November 2022.

What is affected?

If you use the browser on Windows, macOS, or Linux, you may be impacted by this vulnerability:

  • Google Chrome versions before 112.0.5615.121.

What you need to do

Google has released a fix to address this vulnerability:

  • 112.0.5615.121 for Windows, macOS and Linux.

We have alerted those in an IT support role at the University, who may have already been in touch. Most devices will now have automatic updates installed, which should mean that this fix has already been implemented if you use Google Chrome.

If you own a device which uses Chrome, please update it as soon as possible if this hasn’t already been done.
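For those in an IT support role, the following added example (not part of the original guidance) checks reported Chrome version strings against the fixed release 112.0.5615.121. The host names and version strings in the sample inventory are constructed for illustration; the comparison is numeric per component, because a plain text comparison would wrongly rank 112.0.5615.99 above 112.0.5615.121.

```python
import re

# Fixed release named in this advisory.
FIXED_VERSION = (112, 0, 5615, 121)

# Four dot-separated numbers, not embedded in a longer dotted string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def needs_update(text, fixed=FIXED_VERSION):
    """True if older than fixed, False if patched, None if no version was found."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    return version < fixed  # tuple comparison is numeric, component by component


def triage(inventory):
    """Split {host: reported version string} into update / patched / unknown."""
    result = {"update": [], "patched": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        status = needs_update(reported)
        key = "unknown" if status is None else ("update" if status else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "lab-pc-01": "Google Chrome 112.0.5615.121",
    "lab-pc-02": "Google Chrome 112.0.5615.49",
    "mac-014": "Google Chrome 111.0.5563.146",
    "linux-ws-7": "Google Chrome 113.0.5672.63",
    "kiosk-3": "Google Chrome 112.0.5615.99",  # text compare would call this newer
    "old-image": "chrome: command not found",  # no version reported
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts listed under "unknown" reported no readable version and need a manual check rather than being assumed patched.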
