CONTEXT:
Google Chrome security update has released an emergency fix for the CVE-2022-1096 vulnerability exploit.
This is a high severity zero-day bug that has been exploited in the wild. Google released an updated version of Chrome 99.0.4844.84 for users of Windows and Mac to patch the vulnerability.
Microsoft Edge (Chromium based) is also impacted by this vulnerability and has also released a patch for the Microsoft Edge (Chromium based) browser to update to 99.0.1150.55 version.
BIGFIX RESPONSE:
BigFix published and tested content as soon as patches were made available from Google and Microsoft, enabling customers to remediate relevant vulnerabilities quickly, as governed by BigFix Trust Center quality assurance.
RECOMMENDED ACTION:
BigFix customers will find the latest released fixlets inside the “Updates for Windows Applications” and “Updates for Mac Applications” sites.
Given the high severity and the broader applicability of this vulnerability, BigFix strongly suggest to take immediate action by leveraging the fixlets that were made available to patch the browsers version on all the affected devices.
References to the Release announcements can be found at:
- Windows announcement: Content Modification: Updates for Windows Applications published 2022-03-28
- Mac OS announcement: Content Modification: Updates for Mac Applications published 2022-03-28