
topicnews · September 15, 2024

BSI warns against active remote use of Edge/Chrome bug

Google and Microsoft have released important security updates for their browsers. The BürgerCERT of the Federal Office for Information Security (BSI) has already issued a warning about the vulnerabilities; the risk is high.

Security warning from the BSI

There are now four vulnerabilities in total. Hardly any information about them was released initially, so that users were not exposed to greater danger. Such details are usually only published a few days after the updates are released.

Anyone who uses Microsoft Edge will simply receive the update through the auto-update mechanism. The same applies to Google Chrome. The latest Edge version is 128.0.2739.79; it is already available from our WinFuture download center, linked at the end of this article. The latest Google Chrome version is 128.0.6613.138. According to the Federal Office for Information Security, the updates should be installed urgently:

A remote anonymous attacker can exploit several vulnerabilities in Google Chrome and Microsoft Edge to execute arbitrary code or conduct an unspecified attack.

BSI warning

According to the BSI, the security vulnerabilities can be exploited by a remote, anonymous attacker to execute arbitrary program code and cause further, unspecified effects. The BSI classified the risk as high, with a CVSS Base Score of 8.8.

The security holes discovered a few days ago are in Chromium, the code base underlying both Chrome and Edge. There are no Edge-specific vulnerabilities this time.

Edge update

Microsoft has also provided only sparse details so far. The latest Edge update contains only the changes that fix the Chromium vulnerabilities. Microsoft publishes release notes that can be tracked in the Edge update history, which now says:

“Microsoft has released the latest Microsoft Edge Stable Channel (128.0.2739.79), which contains the latest security updates from the Chromium project. For more information, see the Security Update Guide.” In the cited guide, however, Microsoft only refers to Google, where no details are yet available. “This CVE has been assigned by Chrome. Microsoft Edge (Chromium-based) adopts Chromium, which fixes this vulnerability.”

Microsoft has not yet released a security update for this vulnerability for the older Edge versions in the Extended Stable Channel; that channel remains at version 126.0.2592.132, which was released in early September.

Download Google Chrome – Fast and secure browser
Download Microsoft Edge – Chromium-based browser

Summary

  • Google and Microsoft release browser updates
  • BSI warns of vulnerabilities in Chromium
  • Critical security vulnerabilities identified
  • BSI risk assessment is high, CVSS score 8.8
  • Warning applies to Chrome, Edge and Linux versions
  • Edge update only fixes security holes
  • Updates available as auto-update
