Google Fixes Exploited Chrome Zero-Day Flaw
A new Chrome zero-day vulnerability, caused by a type confusion error in the V8 JavaScript engine, is being exploited.
Google Warns of Newly Exploited Zero-Day Flaw
Google released Chrome 90.0.4430.85 to the Stable Channel today for Windows, Linux and Mac, fixing a total of 7 vulnerabilities. This year, Google has released at least one Chrome update for a zero-day each month.
The vulnerability exists due to a type confusion error within the V8 JavaScript engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
How to Resolve the Chrome Zero-Day
Upgrade to the latest version of Chrome using Syxsense Secure.
Syxscore Risk Alert
This vulnerability carries significant risk because it can be exploited over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.8 (High Severity), and the vulnerability is being weaponized.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): No