No action is needed for CoreImage machines. This message is intended for U-M IT staff who are responsible for university devices running the Google Chrome web browser. It will also be of interest to individuals who have Chrome installed on their own devices.
Summary
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.