{"id":98210,"date":"2023-06-07T09:41:47","date_gmt":"2023-06-07T16:41:47","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=98210"},"modified":"2023-08-04T06:18:54","modified_gmt":"2023-08-04T13:18:54","slug":"patch-now-3rd-chrome-zero-day-of-2023-affects-edge-brave-more","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/patch-now-3rd-chrome-zero-day-of-2023-affects-edge-brave-more\/","title":{"rendered":"Patch now: 3rd Chrome zero-day of 2023 affects Edge, Brave, more"},"content":{"rendered":"\r\n

\"\" On Monday, June 5, the Google Chrome<\/a> browser was\u00a0updated to address a zero-day vulnerability that has been actively exploited in the wild. This is the third such vulnerability this year; the first<\/a> and second<\/a> were patched days just apart in April.<\/p>\r\n

Google says that it “is aware that an exploit for CVE-2023-3079 exists in the wild.” This means that patches need to be installed urgently.<\/strong> This particular vulnerability exists in Chromium’s V8 engine.<\/p>\r\n

Whenever Chrome gets a security update, other browsers based on the Chromium<\/a> open-source Web browser project generally require an update, too. Microsoft<\/b>\u00a0Edge<\/strong>, Brave<\/strong>, Vivaldi<\/strong>, and Opera<\/strong> browsers are all built upon the Chromium codebase.<\/p>\r\n

Vivaldi<\/a> also released an update on June 5. Microsoft Edge<\/a> and\u00a0Brave<\/a> browsers received updates on June 6. Opera finally released a security update<\/a> (labeled as a back-port of Chrome issue 1450481) on June 7. As usual, Opera took longer than other Chromium-based browsers to release a critical security update.<\/p>\r\n

How to update Chromium-based desktop browsers<\/h3>\r\n

Mac users can update their Chrome, Edge, Brave, or Opera browsers<\/strong> by clicking on the application menu (e.g. “Chrome” or “Microsoft Edge,” next to the Apple logo menu), and then clicking the first item in that menu (e.g. “About Google Chrome” or “About Microsoft Edge”). The browser will check for updates, and if an update is available, it will prompt you to restart the app to complete the update.<\/p>\r\n

Vivaldi<\/strong> for macOS has a slightly different update procedure. After clicking on the Vivaldi menu (next to the Apple menu), click on “Check for Updates\u2026” to ensure you have the latest version installed.<\/p>\r\n

Windows users can update their browsers<\/strong> by following the steps provided by each browser maker: Chrome<\/a>, Edge<\/a>, Brave<\/a>, Vivaldi<\/a>, Opera<\/a>.<\/p>\r\n

How to update Chromium-based mobile browsers<\/h3>\r\n

Android users<\/strong> should check the Google Play Store app for the latest versions of their browsers and other apps.<\/p>\r\n

Mobile browsers on iOS and iPadOS<\/strong> use Safari’s WebKit engine, rather than Chromium’s Blink and V8 engines. Therefore, this particular vulnerability does not affect the iOS or iPadOS versions of any Web browsers. If you would like to update your iPhone and iPad browsers anyway, you can do so via the App Store. (Here’s how to manually check for and install updates<\/a>.) Note that Vivaldi for iOS is still an invite-only beta<\/a> and is not yet available in the App Store.<\/p>\r\n

Sometime after the release of iOS 17 and iPadOS 17, third-party app stores<\/a> may become a reality\u2014at least in the EU, for compliance with the Digital Markets Act. Apple must comply with the DMA no later than March 2024. It’s possible that third-party stores may eventually distribute alternative browser versions that use their own engines, rather than the WebKit-locked App Store versions.<\/p>\r\n

Non-browser apps need updates, too<\/h3>\r\n

As we’ve noted in the past, many non-browser apps, including\u00a0Electron apps<\/a>, also rely on the Chromium browser codebase for rendering HTML content. These include the desktop versions of apps like 1Password, Discord, Dropbox, Figma, GitHub, Microsoft Teams, Signal, Skype, Slack, Trello, Twitch, WhatsApp, WordPress, and Zoom.<\/strong> Notably, the Electron framework does not get updated in tandem with Chromium, so some Electron-based apps may remain vulnerable for months<\/a>.<\/p>\r\n

For this and other reasons, it’s important to keep all your other apps updated as well. To update Mac App Store apps<\/a>, open the App Store, then click Updates, and click on Update All. Other apps usually have their own separate in-app or separate update mechanisms. In some cases, you may need to update an app manually by downloading a new version from the developer’s site.<\/p>\r\n

Chromium vulnerabilities threaten Electron app security<\/a><\/blockquote>