Google Chrome Zero-Day Being Weaponized
Google has released Chrome 88.0.4324.150 today, however a zero-day vulnerability has been weaponized with active exploits taking place.
New Chrome Vulnerability Exploited
Google has released Chrome 88.0.4324.150 to the Stable Channel and is impacting Windows, Linux and Mac OS. CVE-2021-21148 has been marked as weaponized with active exploits taking place.
What’s Been Resolved?
CVE-2021-21148: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error within the V8 engine in Google Chrome.
A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger heap-based buffer overflow, and execute arbitrary code on the target system.
What’s the Solution?
Upgrade to the latest version of Chrome (88.0.4324.150 or later) using Syxsense Secure.
Syxscore Risk Alert
This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges. Although the latest CVE carries a CVSS score of 8.8 (High Severity) the vulnerability is being weaponized.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): No
Start a Free Trial of Syxsense
Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.