New Google Chrome Zero-Day Bug Being Weaponized

Chrome Zero-Day Is Currently Weaponized

Google released Chrome 93.0.4577.82 to the Stable Channel today for Windows, Linux and Mac OS, fixing a total of 9 vulnerabilities.

This year Google has released 10 zero-day versions of Chrome. One of the bugs, tracked as CVE-2021-30632, is an out-of-bounds write which, if exploited, could compromise the entire system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, and execute arbitrary code on the target system. The vulnerability has been reported to be weaponized.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.
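
To confirm the upgrade has reached every endpoint, the following added example (not Syxsense or Google code) classifies reported Chrome version strings against the fixed build 93.0.4577.82 named above. The host names and inventory strings are constructed samples, shaped like the output of `google-chrome --version`.

```python
import re

# Fixed Stable Channel build named in the advisory above.
FIXED_BUILD = (93, 0, 4577, 82)

# Matches a four-part Chrome/Chromium version anywhere in a string.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text, fixed=FIXED_BUILD):
    """Classify one reported version string against the fixed build."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs manual follow-up; never assume it is safe
    # Tuples compare numerically, so 4577.9 sorts below 4577.82.
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host to its status, with hosts needing action listed first."""
    order = {"needs-update": 0, "unknown": 1, "patched": 2}
    results = {host: classify(text) for host, text in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 93.0.4577.82",
    "ws-002": "Google Chrome 93.0.4577.63",
    "ws-003": "Google Chrome 92.0.4515.159 ",
    "ws-004": "93.0.4577.9",
    "ws-005": "Google Chrome 94.0.4606.54 beta",
    "ws-006": "not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}\t{SAMPLE_INVENTORY[host]}")
```

Hosts reported as "unknown" returned no parsable version and should be checked by hand rather than counted as patched.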

Syxscore Risk Alert

This vulnerability poses a serious risk because it can be exploited over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No
