Google Chrome Zero-Day Is Currently Being Weaponized
A Chrome zero-day has emerged from a vulnerability in the ‘use-after-free’ error when processing HTML content in the Portals component.
Google Chrome Zero-Day Is Being Weaponized
Google has released 94.0.4606.61 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS.
This year Google has released 11 zero-day versions of the Chrome browser. This vulnerability is being tracked under CVE-2021-37973 as a High Severity.
This zero-day is due to a vulnerability in the ‘use-after-free’ error when processing HTML content within the Portals component. A remote attacker can create a specially-crafted website, trick the victim into visiting it, trigger a use-after-free error, and execute arbitrary code on the system.
What’s the solution?
Upgrade to the latest version of Chrome stable channel using Syxsense Secure.
Syxscore Risk Alert
This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.4 (High Severity) and the vulnerability is being weaponized.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): No
Start a Free Trial of Syxsense
Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.