I've been trying to find a good set of parameters to use for catching Chrome, Edge Chromium, and Firefox updates, but I have noticed that they never seem to be listed with severity "Critical" despite being declared a 0-day eventually. That might be the way updates are classified and do not change, perhaps? So far, I have looked at this criteria:
Severity is "Important"
Description contains "CVE-2024" (which works for Edge Chromium and Mozilla Firefox) and "High CVE-2024" (which works for Google Chrome).
I am mainly curious if there is anything which differentiates an update as 0-Day (which by my perspective should be upgraded to "Critical."
Any help would be appreciated.
SS
Neither Google nor Microsoft stated that any of these CVEs are Critical! Google marked the highest ones as Important/High only! So did we. I wonder why they didn't mark the 0-day ones as Critical though! Chrome Releases: Stable Channel Update for Desktop (googleblog.com) (https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html)
A curious point. It does seem that they should elevate the rating on their releases when they flip to 0-day. Does the text in the description for each product always come from the release notes? I would assume so. It probably explains how the text is always so different (Chrome never mentions High for their CVEs). I know PmPC is only going by what the developers release. Thanks for your help!