Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Update Edge and Chrome browsers now to avoid ANGLE exploits
All the Chromium browsers are affected by this CVE
2 min. read
Published onApril 1, 2024
published onApril 1, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
ANGLE, or Almost Native Graphics Layer Engine was a feature introduced by Google in 2010 to allow Chromium browsers running WebGL content without the need for OpenGL drivers.
However, as ithas been discovered, ANGLE had a critical vulnerability, CVE-2024-2883, allowing attackers to exploit heap corruption using a HTML page,ghacks.netreports.
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Microsoft updated Edge and Google updated Chrome
Microsoft released anurgent Edge updateto version 123.0.2420.65 which patches this vulnerability, but also points out that all the Chromium-based browsers have the same problem.
In the summary, of this vulnerability report, Microsoft also acknowledges that the CVE was assigned by Chrome and that it has been exploited:
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please seeGoogle Chrome Releasesfor more information.
Google is aware that an exploit for CVE-2024-2883 exists in the wild.
However, strangely enough, although Google alsoupdated Chrometo version 123.0.6312.86/.87 to patch this vulnerability, they don’t seem to know about any such exploits. They also restricted the access to bug details to protect the users who didn’t update the browser yet.
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
Regardless, you should update your browser now to the latest version to avoid this issue. For Chrome, go to Settings > About Chrome and the browser will perform an update automatically. In Edge, go to Settings > About Microsoft Edge to do the same.
If you have another Chromium-based browser such as Vivaldi or Brave, you should also update it swiftly. After that, restart the app for the changes to take effect.
Did you receive the latest update? Let us know if you had any problems in the comments section below.
More about the topics:Cybersecurity,Google Chrome,microsoft edge
Claudiu Andone
Windows Toubleshooting Expert
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft.
His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school.
With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Claudiu Andone
Windows Toubleshooting Expert
Oldtimer in the tech and science press, with 14 years of experience in writing on everything there is to know about science, technology, and Microsoft
