Skip to main content
Patch Management

Google Rushes Out Fix for Weaponized Chrome Zero-Day

By March 17, 2021November 10th, 2022No Comments
||

Google Chrome Zero-Day Being Weaponized

A new Chrome vulnerability allows a remote attacker to create a webpage, trick the victim into visiting it, and execute arbitrary code.

Google Warns of New Zero-Day

Google has released Chrome_v89.0.4389.90 to the Stable Channel for Windows, Linux and Mac OS, fixing a total of 8 vulnerabilities. Google has released three zero-day versions of Chrome this year.

The vulnerability exists due to a use-after-free error within Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to Resolve the Chrome Zero-Day

Upgrade to the latest version of Chrome_v89.0.4389.90 or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges. Although the latest CVE carries a CVSS score of 8.4 (High Severity), the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Leave a Reply