Update Edge and Chrome browsers now to avoid ANGLE exploits

All the Chromium browsers are affected by this CVE

News

Reading time icon 2 min. read

Calendar icon Published on

by Claudiu Andone 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Update Edge and Chrome browsers now to avoid ANGLE exploits

ANGLE, or Almost Native Graphics Layer Engine was a feature introduced by Google in 2010 to allow Chromium browsers running WebGL content without the need for OpenGL drivers.

However, as it has been discovered, ANGLE had a critical vulnerability, CVE-2024-2883, allowing attackers to exploit heap corruption using a HTML page, ghacks.net reports.

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Microsoft updated Edge and Google updated Chrome

Microsoft released an urgent Edge update to version 123.0.2420.65 which patches this vulnerability, but also points out that all the Chromium-based browsers have the same problem.

In the summary, of this vulnerability report, Microsoft also acknowledges that the CVE was assigned by Chrome and that it has been exploited:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Google is aware that an exploit for CVE-2024-2883 exists in the wild.

However, strangely enough, although Google also updated Chrome to version 123.0.6312.86/.87 to patch this vulnerability, they don’t seem to know about any such exploits. They also restricted the access to bug details to protect the users who didn’t update the browser yet.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Regardless, you should update your browser now to the latest version to avoid this issue. For Chrome, go to Settings > About Chrome and the browser will perform an update automatically. In Edge, go to Settings > About Microsoft Edge to do the same.

If you have another Chromium-based browser such as Vivaldi or Brave, you should also update it swiftly. After that, restart the app for the changes to take effect.

Did you receive the latest update? Let us know if you had any problems in the comments section below.

More about the topics: Cybersecurity, Google Chrome, microsoft edge

Claudiu Andone

Claudiu Andone Shield

Windows Toubleshooting Expert

Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft. His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school. With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!