Update Edge and Chrome browsers now to avoid ANGLE exploits

All the Chromium browsers are affected by this CVE

Reading time icon 2 min. read

Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Update Edge and Chrome browsers now to avoid ANGLE exploits

ANGLE, or Almost Native Graphics Layer Engine was a feature introduced by Google in 2010 to allow Chromium browsers running WebGL content without the need for OpenGL drivers.

However, as it has been discovered, ANGLE had a critical vulnerability, CVE-2024-2883, allowing attackers to exploit heap corruption using a HTML page, ghacks.net reports.

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Microsoft updated Edge and Google updated Chrome

Microsoft released an urgent Edge update to version 123.0.2420.65 which patches this vulnerability, but also points out that all the Chromium-based browsers have the same problem.

In the summary, of this vulnerability report, Microsoft also acknowledges that the CVE was assigned by Chrome and that it has been exploited:

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Google is aware that an exploit for CVE-2024-2883 exists in the wild.

However, strangely enough, although Google also updated Chrome to version 123.0.6312.86/.87 to patch this vulnerability, they don’t seem to know about any such exploits. They also restricted the access to bug details to protect the users who didn’t update the browser yet.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Regardless, you should update your browser now to the latest version to avoid this issue. For Chrome, go to Settings > About Chrome and the browser will perform an update automatically. In Edge, go to Settings > About Microsoft Edge to do the same.

If you have another Chromium-based browser such as Vivaldi or Brave, you should also update it swiftly. After that, restart the app for the changes to take effect.

Did you receive the latest update? Let us know if you had any problems in the comments section below.

More about the topics: Cybersecurity, Google Chrome, microsoft edge