The Federal Office for Information Security (BSI) has published a new warning about vulnerabilities in Google Chrome and Microsoft Edge. Attackers can exploit the vulnerabilities to remotely execute arbitrary code.
Vulnerabilities in Chrome and Edge
This could mean additional malware could be loaded onto users' personal computers and potentially entire computers could be taken over. There are a total of six vulnerabilities in the Chromium infrastructure, including those affecting WebGPU and WebAudio. So users who use Google Chrome or Microsoft Edge on Windows PCs should update now urgently.
BSI has not yet warned about the possibility of active exploitation of the vulnerabilities. The risk is rated as high and users are requested to install new versions quickly. BSI is now talking about the security problem: “An unknown, remote attacker could exploit multiple vulnerabilities in Google Chrome and Microsoft Edge to execute arbitrary code.”
Google had already warned about the problem last week and issued an update. Microsoft also acted quickly. Anyone using the new Microsoft Edge will receive the update as an automatic update. Naturally, this also applies to Google Chrome. Alternatively, the latest version can be downloaded from the developer or via the WinFuture download area and installed manually. The latest version of Edge is 120.0.2210.121.
Updates are available for both browsers and were recently distributed automatically. Anyone who has deactivated automatic updates should now quickly check if an update is available. The easiest way to do this is to click “About Google Chrome” https://winfuture.de/”About Edge” in the menu of the browser in question. It will show if you are up to date or if a new version can be installed.
More information about the vulnerabilities is not yet available. Developers usually only release details when the majority of users are protected by updates to avoid unnecessary risks. In addition, third parties are also affected by this security warning. According to Google, a vulnerability was discovered in a third-party library and has not yet been patched.
Detailed information about the vulnerabilities listed under CVE numbers will be gradually published in the Security Guide. This also usually happens some time after release. In the Google Chrome blog There is currently only limited information about which vulnerability has been fixed.
Edge update brings corresponding changes in the latest version.
In Microsoft, you can see an overview of the changes and in Edge update log tracking. Microsoft currently abbreviates: “Microsoft has released the latest Microsoft Edge Stable (Build 120.0.2210.121), which integrates the latest security updates from the Chromium project.” There are no changes specific to Microsoft Edge.
download Microsoft Edge browser built on Chromium
download Google Chrome – fast and secure browser
- BSI warns of vulnerabilities in Chrome and Edge
- Vulnerabilities allow malicious code to execute
- Six gaps in chromium infrastructure have been identified
- Users should update their browsers immediately
- Automatically distributes updates for Chrome and Edge
- The latest version of Edge is 120.0.2210.121
- Details of the vulnerabilities have not yet been fully published
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”