Google Chrome Zero-Day Being Weaponized
A new Chrome vulnerability allows a remote attacker to create a webpage, trick the victim into visiting it, and execute arbitrary code.
Google Warns of New Zero-Day
Google has released Chrome v89.0.4389.90 to the Stable Channel for Windows, Linux and Mac OS, fixing a total of 8 vulnerabilities. Google has released three Chrome versions addressing zero-days this year.
The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
How to Resolve the Chrome Zero-Day
Upgrade to Chrome v89.0.4389.90 or later using Syxsense Secure.
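To confirm which endpoints still need the upgrade, the following added example (not Syxsense or Google code) compares reported Chrome version strings against the fixed build 89.0.4389.90 named above. The host names and the inventory are constructed sample data, and the function names are hypothetical.

```python
import re

FIXED = (89, 0, 4389, 90)  # fixed Stable build named in this advisory

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from a reported version string.
    Returns a tuple of ints, or None if no version is present."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no usable data: treat as needing follow-up
    # Compare numerically, part by part. A plain string comparison would
    # wrongly rank 89.0.4389.128 below 89.0.4389.90.
    return "patched" if v >= fixed else "vulnerable"


def audit(inventory):
    """Group host names by patch status."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        report[classify(text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts), not data from the page.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 89.0.4389.90",
    "ws-002": "Google Chrome 89.0.4389.82",
    "ws-003": "Google Chrome 89.0.4389.128",
    "ws-004": "Google Chrome 88.0.4324.190",
    "ws-005": "",
    "ws-006": "Google Chrome 90.0.4430.72",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown returned no parseable version and should be checked by hand rather than assumed patched.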
Syxscore Risk Alert
This vulnerability carries significant risk because it can be exposed over any network, with low complexity and without privileges. Although the latest CVE carries a CVSS score of 8.4 (High Severity), the vulnerability is being weaponized.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): No