IMPORTANT ANNOUNCEMENT: This website was decommissioned on July 18, 2022

Posted on July 18, 2022

This site is no longer being updated with new postings. Please visit the UBC IT Status Page at https://status.it.ubc.ca for any new status updates and incident notifications. For operational status of our enterprise-level services, users can now subscribe in multiple ways that now includes push notifications:

  • Email
  • SMS
  • Slack integration
  • Twitter
  • Webhooks
  • RSS feed
  • Custom Embed via Status API

You will be redirected shortly to the Status Page or follow the link below to go there now.

Visit the UBC IT Status Page

 

IMPORTANT ANNOUNCEMENT: This website will be decommissioned on July 18, 2022

Posted on June 20, 2022

The UBC IT Bulletins site will no longer be updated on July 18, 2022 and users will need to visit its replacement, the UBC IT Status Page at https://status.it.ubc.ca, where they can view or subscribe to status updates and incident notifications.

UBC IT Bulletins was kept as a legacy site in order to temporarily maintain RSS feeds and intended to provide users time to switch their subscriptions to the Status Page channels.

Before the decommission date of July 18, 2022, we recommend visitors go to https://status.it.ubc.ca to begin subscribing to the new notifications the Status Page has to offer. For our enterprise-level services, users can now subscribe in multiple ways that now include customizable push notifications:

  • SMS messaging
  • Email notifications
  • Webhooks
  • Twitter feed
  • A general RSS feed
  • Custom Slack notifications
  • Custom embed code via an API

Visit the UBC IT Status Page

VULNERABILITY ALERT: Google Chrome Browser for Desktop

By Operations Centre on February 15, 2021

The UBC Cybersecurity Team is aware that Google published a security advisory to address a vulnerability with Chrome for Desktop – a Heap buffer overflow in V8.

Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild.

The vulnerability affects Chrome for Desktop versions prior to 88.0.4324.150.

The impact of this vulnerability may allow a remote attacker to execute arbitrary code on the target system. Google did not release any technical details about this vulnerability.

 

This vulnerability is rated as a HIGH risk. A software patch exists to mitigate this risk. Please patch this vulnerability within 14 days.

Please notify security@ubc.ca with any questions or concerns you may have.

 

How to check and update your Chrome Version:

Chrome users can updated to v88.0.4324.150 via the browser’s built-in update function (see Chrome menu, Help option, and About Google Chrome section).

Navigate to Chrome menu (Three vertical dots in the top right corner)

  1. Select Help
  2. Select About Google Chrome
  3. Check that your Chrome version is 88.0.4324.150
  4. Update if an update is available

Note: This vulnerability is reported for Desktop versions of Google Chrome

 

Actions Required

These vulnerabilities are rated as an overall HIGH risk. A patch exists to mitigate this vulnerability. Please take mitigating actions within 14 Days of receiving this notification.

For more information on these vulnerabilities, please refer to links in references.

 

  1. Locate the device or application and investigate.
  2. Notify business owner(s).
  3. Perform mitigating actions as required within 14 Days of receiving this notification.

 

References

https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html

https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/

 

UBC Cybersecurity Confidential Communications

You may have noted that this vulnerability alert was taken directly from the UBC Cybersecurity Confidential Communications article posted at: https://cc.cybersecurity.ubc.ca/?p=7278

To ensure such timely information is not missed, if you haven’t already, please sign up for a privileged Confidential Communications account by going to the Confidential Communications portal at https://cc.cybersecurity.ubc.ca/ (VPN connection required) and selecting “Apply for Privileged Access” on the right-hand side under “Membership”. This particularly applies to administrators.

Posted in ,

Visit the UBC IT Website

Archives

RSS Feeds