Google Chrome Zero-Day Is Currently Being Weaponized
A new Google Chrome zero-day allows a remote attacker to create a specially crafted web page and trigger a use-after-free error.
Google Chrome Zero-Day Is Being Weaponized
Google has released 95.0.4638.69 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS. So far this year Google have released over 13 Zero Day versions of the Chrome browser so far. This vulnerability is being tracked under CVE-2021-38000 and CVE-2021-38003 and are both Critical Severity.
A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
What’s the solution?
Upgrade to the latest version of Chrome stable channel using Syxsense Secure.
Syxscore Risk Alert
his vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): No
Start a Free Trial of Syxsense
Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.