Vulnerabilities: BSI recommends Chrome and Microsoft Edge Update

B2B Cyber ​​Security ShortNews

Share post

New vulnerabilities could allow attackers to execute code and control browsers remotely. The BSI therefore urgently recommends updating the browser, which is also very easy to do. The CVSS value of 8.8 is considered highly dangerous.

The Federal Office for Information Security (BSI) warns users and companies of highly dangerous vulnerabilities with the CVSS value 8.8 in the Google Chrome and Microsoft Edge browsers under the Windows, MacOS and Linux operating systems. A remote, anonymous attacker could exploit multiple vulnerabilities in Google Chrome and Microsoft Edge to execute arbitrary code. This allows him to take over the browser and control it remotely. The following CVEs explain the vulnerabilities and their backgrounds: CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225 (Common Vulnerabilities and Exposures or in German “Known Vulnerabilities and Susceptibilities”).

Browser updates are available

Google and Microsoft are already providing corresponding updates for their browsers. The vulnerabilities can be found in the smaller versions of the browsers:

  • Microsoft Edge < 120.0.2210.121
  • Google Chrome < 120.0.6099.199
  • Google Chrome < 120.0.6099.200

If a company does not use patch management, an update can also be triggered manually and is automatically carried out by a browser in seconds. However: an update will only be carried out if the browser is at least restarted.

Trigger Chrome update

🔎 Settings > Help > The update starts via Google Chrome (Image: B2B-CS).

If the update is not triggered by a group policy, you should proceed as follows: Users only have to restart the browser for the update or, even easier, select Settings >Help >About Google Chrome. The information page for the browser then opens. If the update hasn't been completed yet, Chrome will now simply run it automatically.

Trigger Edge update

In larger companies, the Edge browser usually receives its update via the Microsoft Endpoint Manager console via policy. The update is extremely easy for SMEs and individual users. Normally, Edge will automatically update immediately when the browser is restarted. However, users can access >Help and Feedback > About Microsoft Edge” in the browser and thus open the information about the browser. The update will then appear automatically.

More at


About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more