Google Chrome vulnerability found
A zero-day vulnerability has been found in Google Chrome. This means a security bug existed with no patch available, leaving systems open to cyber attacks. Use this guidance to learn more about the vulnerability, if you’re affected, and what you need to do.
About this vulnerability
Cyber criminals can exploit this flaw to crash browsers but is more commonly used to be able to execute code on the victim’s machine.
In practice, this would mean any device which has the Google Chrome browser may be susceptible to this type of attack.
A type-confusion attack confuses the Java system about the data it is manipulating, allowing for malicious actors to bypass typing rules within Chrome and execute their own code. This is almost identical to a previous issue in April.
What is affected?
If you use the browser on Windows, macOS, or Linux, you may be impacted by this vulnerability:
What you need to do
The vendors of the above application have released a fix to address this vulnerability:
- Windows devices – the update to fix this issue is 114.0.5735.110.
- Mac and Linux devices – the update to fix this issue is 114.0.5735.106.
We have alerted those in an IT support role at the University who may have already been in touch. Most devices will now have automatic updates installed, which should mean that this fix has already been implemented if you use Google Chrome.
If you own a device which uses Chrome, please update them as soon as possible if this hasn’t already been done.