DESCRIPTION:
Multiple vulnerabilities (CVE-2022-0096~0118, 0120, 21929~21931, 21954 and 21970) exist in Google Chrome and Microsoft Edge. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, and execute arbitrary code on the system. Successful exploitation of the vulnerabilities may allow an attacker to compromise a vulnerable system.
AFFECTED RELEASES:
Google Chrome prior to 97.0.4692.71
Microsoft Edge prior to 97.0.1072.55
SOLUTION:
Upgrade to at least Google Chrome 97.0.4692.71 by following steps:
1. Open the Google Chrome browser.
2. Enter “chrome://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Chrome.
3. After Chrome is updated, click the “RELAUNCH” option to restart Chrome and complete the update.
Upgrade to at least Microsoft Edge 97.0.1072.55 by following steps:
1. Open the Microsoft Edge browser.
2. Enter “edge://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Edge.
3. After Edge is updated, click the “RELAUNCH” option to restart Edge and complete the update.
REFERENCE:
1. https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
2. https://thehackernews.com/2022/01/google-releases-new-chrome-update-to.html
3. https://www.cybersecurity-help.cz/vdb/SB2022010424
4. https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-6-2022