Critical bug leaves Chrome, Firefox, Edge and loads of other apps vulnerable to attack — update right now
You’re going to be updating a lot of software to patch this vulnerability
After reporting on a critical zero-day flaw in Chrome earlier this week, it turns out that Google’s browser isn’t the only one affected by this bug.
As reported by The Verge, other Chromium-based browsers including Firefox, Edge and Brave are also vulnerable to potential attacks. However, all of the companies whose browsers are affected have released new versions to patch this security flaw.
The flaw itself (tracked as CVE-2023-4863) is caused by a WebP heap buffer overflow weakness and if exploited, it can be used to execute arbitrary code within Chrome, Firefox, Edge and Brave. To make matters worse, Google revealed in a security advisory that there is an exploit available for the vulnerability and that hackers are already using it in their attacks.
For this reason, you need to update your browser to the latest version immediately in order to prevent falling victim to any attacks exploiting this vulnerability. Here are the latest versions of Chrome, Firefox, Edge and Brave (as of publication) so that you can check to see if your browser is fully up to date:
- Google: Chrome version 116.0.5846.187 (Mac / Linux); Chrome version 116.0.5845.187/.188 (Windows)
- Mozilla: Firefox 117.0.1; Firefox ESR 102.15.1; Firefox ESR 115.2.1; Thunderbird 102.15.1; Thunderbird 115.2.2
- Microsoft: Edge version 116.0.1938.81
- Brave: Brave Browser version 1.57.64
Not just browsers
If you think having to update all of your browsers is a hassle, this vulnerability also affects a number of popular apps as well which will all need to be updated.
According to Stack Diary, both Electron-based apps and cross-platform apps built with Flutter are also vulnerable. The encrypted messaging app Signal and the free image viewer Honeyview are both Electron-based while GIMP, LibreOffice, Telegram and many of the best Android apps are built with Flutter. At the same time, Apple also updated macOS Ventura to version 13.5.2 through an emergency security update last week to address this flaw.
This means you’ll need to update your browser and several other programs on PC and Mac as well as a number of Android apps on the best Android phones. All told, you’re going to be doing a lot of updating to stay safe from any attacks leveraging this security flaw.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
How to stay safe from attacks exploiting this bug
When it comes to critical security flaws like this one, the most important thing you can do to stay safe is to ensure that all of your software is updated as soon as security fixes become available. This can be annoying, but updating all of your software is still a lot easier than dealing with identity theft or other repercussions.
Besides updating, you should also be using the best antivirus software on your PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your Android smartphone. By installing the latest software updates and using antivirus software on your devices, you can ensure you’re protected against all manner of cyberattacks.
Although every major browser and loads of popular apps are affected by this critical security flaw, other software could also be vulnerable from attacks leveraging this flaw. For this reason, you’ll want to keep an ear to the ground and install the latest updates for all of your other software just to be safe.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.