New Google Chrome Vulnerability Being Weaponized
A new Chrome vulnerability lets a remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Chrome Zero-Day Is Currently Weaponized
Google has released 91.0.4472.101 today to the Stable Channel and is impacting Windows, Linux and Mac OS, fixing a total of 14 vulnerabilities. This year Google released at least one zero-day version of Chrome each month.
One of the bugs, tracked as CVE-2021-30551, exists due to a use-after-free error within the BFCache component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system and has been reported to be weaponized.
Upgrade to the latest version of Chrome or later using Syxsense Secure.
Syxscore Risk Alert
This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.7 (High Severity) the vulnerability is being weaponized.
This vulnerability if exposed, has a Scope (Jump Point) of True, which means it can be used to transfer into another part of the system making this more serious.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Yes
Start a Free Trial of Syxsense
Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.