New vulnerabilities could allow attackers to execute code and control browsers remotely. The BSI therefore urgently recommends updating the browser, which is also very easy to do. A CVSS score of 8.8 is considered highly dangerous.
The Federal Office for Information Security (BSI) warns users and companies of highly dangerous vulnerabilities, with a CVSS score of 8.8, in the Google Chrome and Microsoft Edge browsers on the Windows, macOS and Linux operating systems. A remote, anonymous attacker could exploit multiple vulnerabilities in Google Chrome and Microsoft Edge to execute arbitrary code. This allows the attacker to take over the browser and control it remotely. The vulnerabilities and their background are described under the following CVE (Common Vulnerabilities and Exposures) identifiers: CVE-2024-0222, CVE-2024-0223, CVE-2024-0224 and CVE-2024-0225.
Browser updates are available
Google and Microsoft are already providing corresponding updates for their browsers. Browser versions lower than the following are affected:
- Microsoft Edge < 120.0.2210.121
- Google Chrome < 120.0.6099.199
- Google Chrome < 120.0.6099.200
If a company does not use patch management, an update can also be triggered manually; the browser then carries it out automatically within seconds. However, the update is only carried out once the browser has at least been restarted.
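To check hosts against the version thresholds listed above, the build numbers have to be compared numerically rather than as strings, and a browser that has not been restarted still runs the old build. The following Python check is an added example, not part of the BSI advisory; the host names, inventory and banner format are constructed, and it assumes 120.0.6099.199 as the first fixed Chrome build because the list names both .199 and .200.

```python
import re

# Fixed builds as listed in the advisory above. Assumption: Chrome is treated as
# fixed from 120.0.6099.199, the lower of the two Chrome builds in the list.
FIXED = {
    "Google Chrome": (120, 0, 6099, 199),
    "Microsoft Edge": (120, 0, 2210, 121),
}

# Assumed banner format: "<product> <a.b.c.d>" (constructed for this example).
VERSION_RE = re.compile(r"^(Google Chrome|Microsoft Edge)\s+(\d+(?:\.\d+){3})\b")


def parse(banner):
    """Split a banner into (product, version tuple); None if unrecognised."""
    m = VERSION_RE.match(banner.strip())
    if not m:
        return None
    # Integer tuples compare correctly; as strings, "71" would sort above "199".
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))


def assess(installed, running=None):
    """Classify a host from its installed and (optionally) running banner."""
    inst = parse(installed)
    if inst is None:
        return "unknown"
    product, inst_ver = inst
    fixed = FIXED[product]
    if inst_ver < fixed:
        return "vulnerable"
    run = parse(running) if running else None
    # Update is on disk, but the process started before it is still the old build.
    if run and run[0] == product and run[1] < fixed:
        return "restart-pending"
    return "patched"


# Constructed inventory: host -> (installed banner, running banner or None)
INVENTORY = {
    "ws-01": ("Google Chrome 120.0.6099.71", None),
    "ws-02": ("Google Chrome 120.0.6099.200", "Google Chrome 120.0.6099.129"),
    "ws-03": ("Microsoft Edge 120.0.2210.121", "Microsoft Edge 120.0.2210.121"),
    "ws-04": ("Microsoft Edge 120.0.2210.91", None),
    "ws-05": ("Chromium (unbranded build)", None),
}


def report(inventory=INVENTORY):
    return {host: assess(*banners) for host, banners in inventory.items()}
```

Hosts reported as `restart-pending` have the update installed but still need the browser restart described above.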
Trigger Chrome update
If the update is not triggered by a group policy, proceed as follows: users only have to restart the browser for the update or, even easier, select Settings > Help > About Google Chrome. The information page for the browser then opens. If the update has not been completed yet, Chrome will now simply run it automatically.
Trigger Edge update
In larger companies, the Edge browser usually receives its update by policy through the Microsoft Endpoint Manager console. For SMEs and individual users, the update is extremely easy. Normally, Edge updates automatically as soon as the browser is restarted. Alternatively, users can go to Help and Feedback > About Microsoft Edge in the browser to open the information page for the browser. The update will then appear automatically.
More at BSI.bund.de
About the Federal Office for Information Security (BSI)
The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.