Update everything: Chrome, Firefox, Brave, and Edge just patched a big flaw

Posted by
Check your BMI
A laptop surrounded by green and pink message boxes that say “warning.”
Photo by Amelia Holowaty Krales / The Verge
toonsbymoonlight

Google, Mozilla, Microsoft, and Brave have each issued critical security patches, reports Stack Diary. The patches address a vulnerability that an attacker could use to gain access to or run malicious code on your computer, and the companies acknowledge it’s been actively exploited in the wild. NIST classifies the vulnerability as severe. Other companies’ applications are affected — the vulnerability is linked to code used to render WebP images, which are widely used.

The software version numbers containing the fix are below.

  • Google: Chrome version 116.0.5846.187 (Mac / Linux); Chrome version 116.0.5845.187/.188 (Windows)
  • Mozilla: Firefox 117.0.1; Firefox ESR 102.15.1; Firefox ESR 115.2.1; Thunderbird 102.15.1; Thunderbird 115.2.2
  • Microsoft: Edge version 116.0.1938.81
  • Brave: Brave Browser version 1.57.64

Stack Diary mentioned that Electron-based apps like encrypted-messaging app Signal and Bandisoft’s Honeyview have also released patches for the issue. Other apps, like Affinity, Gimp, LibreOffice, Telegram, many Android applications, and “cross-platform apps built with Flutter” are likewise affected, according to the site.

Apple also released a security patch this week for what appears to be the same issue, though it references a different issue number on the NIST site.