Google has issued a warning on its official Chrome blog, revealing that Chrome for Windows, macOS, and Linux are all vulnerable to a new ‘zero-day’ hack. Microsoft has also confirmed that the same zero-day hack affects its Edge browser. Zero-day is the most dangerous form of attack because it means the vulnerability is known to hackers before Google or Microsoft could issue a fix. This means every Chrome and Edge user is vulnerable.

Google has announced an emergency update for Chrome (99.0.4844.84) which will roll out over the coming days/weeks. To check your browser version, navigate to Settings > Help > About Google Chrome — this will also force Chrome to check for updates. Please be advised that you are not protected until you restart the browser. Miami’s Information Security Office is recommending that all Miami Chrome users update to this version as soon as it is available.

Microsoft also confirms that it has released a fix for Edge based on the Chromium update that Google already launched for Chrome. Microsoft states that the patched version of Edge is 99.0.1150.553, so if your browser is showing a lower number then you are still vulnerable. To get it, follow these steps:

1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window.
2. Click Help and Feedback.
3. Click About Microsoft Edge.

If you have any further questions about this vulnerability, or receive an email you consider suspicious, please contact InfoSec@MiamiOH.edu, and the information security team will help determine if it’s legitimate or a fraud.