Fix released for Google Chrome vulnerability
About this vulnerability
Cyber criminals can exploit this flaw to crash browsers but is more commonly used to be able to execute code on the victim’s machine.
In practice, this would mean any device which has the Google Chrome browser may be susceptible to this type of attack.
A type-confusion attack confuses the Java system about the data it is manipulating, allowing for malicious actors to bypass typing rules within Chrome and execute their own code. This is almost identical to a previous issue in November 2022.
What is affected?
If you use the browser on Windows, macOS, or Linux, you may be impacted by this vulnerability:
- Google Chrome versions before 112.0.5615.121.
What you need to do
The vendors of the above applications have released a fix to address this vulnerability:
- 112.0.5615.121 for Windows, macOS and Linux.
We have alerted those in an IT support role at the University who may have already been in touch. Most devices will now have automatic updates installed, which should mean that this fix has already been implemented if you use Google Chrome.
If you own a device which uses Chrome, please update them as soon as possible if this hasn’t already been done.