Critical bug leaves Chrome, Firefox, Edge and loads of other apps vulnerable to attack — update right now

Share

• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

After reporting on a critical zero-day flaw in Chrome earlier this week, it turns out that Google’s browser isn’t the only one affected by this bug.

As reported by The Verge, other Chromium-based browsers including Firefox, Edge and Brave are also vulnerable to potential attacks. However, all of the companies whose browsers are affected have released new versions to patch this security flaw.

The flaw itself (tracked as CVE-2023-4863) is caused by a WebP heap buffer overflow weakness and if exploited, it can be used to execute arbitrary code within Chrome, Firefox, Edge and Brave. To make matters worse, Google revealed in a security advisory that there is an exploit available for the vulnerability and that hackers are already using it in their attacks.

For this reason, you need to update your browser to the latest version immediately in order to prevent falling victim to any attacks exploiting this vulnerability. Here are the latest versions of Chrome, Firefox, Edge and Brave (as of publication) so that you can check to see if your browser is fully up to date:

• Google: Chrome version 116.0.5846.187 (Mac / Linux); Chrome version 116.0.5845.187/.188 (Windows)
• Mozilla: Firefox 117.0.1; Firefox ESR 102.15.1; Firefox ESR 115.2.1; Thunderbird 102.15.1; Thunderbird 115.2.2
• Microsoft: Edge version 116.0.1938.81
• Brave: Brave Browser version 1.57.64

Not just browsers

If you think having to update all of your browsers is a hassle, this vulnerability also affects a number of popular apps as well which will all need to be updated.

According to Stack Diary, both Electron-based apps and cross-platform apps built with Flutter are also vulnerable. The encrypted messaging app Signal and the free image viewer Honeyview are both Electron-based while GIMP, LibreOffice, Telegram and many of the best Android apps are built with Flutter. At the same time, Apple also updated macOS Ventura to version 13.5.2 through an emergency security update last week to address this flaw.

This means you’ll need to update your browser and several other programs on PC and Mac as well as a number of Android apps on the best Android phones. All told, you’re going to be doing a lot of updating to stay safe from any attacks leveraging this security flaw.

How to stay safe from attacks exploiting this bug

When it comes to critical security flaws like this one, the most important thing you can do to stay safe is to ensure that all of your software is updated as soon as security fixes become available. This can be annoying, but updating all of your software is still a lot easier than dealing with identity theft or other repercussions.

Besides updating, you should also be using the best antivirus software on your PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your Android smartphone. By installing the latest software updates and using antivirus software on your devices, you can ensure you’re protected against all manner of cyberattacks.

Although every major browser and loads of popular apps are affected by this critical security flaw, other software could also be vulnerable from attacks leveraging this flaw. For this reason, you’ll want to keep an ear to the ground and install the latest updates for all of your other software just to be safe.

More from Tom's Guide

• Intel-based Macs under attack from new MetaStealer malware
• Mysterious new malware uses Wi-Fi networks to give hackers your exact location
• Hackers are using Facebook Messenger to spread password-stealing malware