Skip to content
.ca
sign in
2 minmedium

Cyber Centre Daily Advisory Digest — 2026-04-23 (2 advisories)

The Canadian Centre for Cyber Security published a daily digest highlighting recent security advisories for Google Chrome and GitHub Enterprise Server. Organizations are advised to patch these products to their latest versions to mitigate undisclosed vulnerabilities.

Conf:highAnalyzed:2026-04-23reports

Authors: Canadian Centre for Cyber Security

Security AdvisoryVulnerabilityGitHub Enterprise ServerGoogle Chrome

Source:Canadian Centre for Cyber Security

Key Takeaways

  • Google released a security advisory for Chrome Desktop addressing vulnerabilities in versions prior to 147.0.7727.116/117.
  • GitHub released security advisories for Enterprise Server addressing vulnerabilities across multiple version branches (3.16.x to 3.20.x).
  • Users and administrators are strongly encouraged to apply the necessary updates to prevent potential exploitation.

Affected Systems

  • Stable Channel Chrome for Desktop (Windows, Mac, Linux)
  • GitHub Enterprise Server (versions 3.16.x, 3.17.x, 3.18.x, 3.19.x, 3.20.x)

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

N/A

Detection Engineering Assessment

EDR Visibility: None — This is a vulnerability advisory digest; no specific threat behaviors or EDR telemetry are discussed. Network Visibility: None — No network indicators or exploitation traffic patterns are provided in the advisories. Detection Difficulty: N/A — No active threat detection is described; the focus is entirely on vulnerability management and patching.

Required Log Sources

  • Vulnerability Management Scanners
  • Software Inventory Logs

Hunting Hypotheses

HypothesisTelemetryATT&CK StageFP Risk
Adversaries may exploit unpatched vulnerabilities in Google Chrome or GitHub Enterprise Server to execute arbitrary code, resulting in unexpected child processes spawning from the browser or server binaries.Process creation logs (Event ID 4688, Sysmon Event ID 1)ExecutionMedium

Control Gaps

  • Patch management delays
  • Lack of automated browser updates

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Update Google Chrome to version 147.0.7727.116/117 (Windows/Mac) or 147.0.7727.116 (Linux).
  • Update GitHub Enterprise Server to versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, or 3.16.17 depending on the current branch in use.

Infrastructure Hardening

  • Implement automated patching for web browsers across the enterprise.
  • Ensure critical infrastructure like GitHub Enterprise Server is included in regular vulnerability scanning and patch cycles.

User Protection

  • Prompt users to restart their browsers to apply pending Google Chrome updates.

Security Awareness

  • Remind administrators to monitor vendor security advisories for critical infrastructure components.

MITRE ATT&CK Mapping

  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise

Related