Google Chrome Zero-Day Is Currently Being Weaponized

September 27, 2021 | November 11th, 2022

A Chrome zero-day has emerged from a use-after-free error that occurs when processing HTML content in the Portals component.

Google has released Chrome 94.0.4606.61 to the Stable Channel today to resolve serious issues impacting Windows, Linux and macOS.

This year Google has released 11 zero-day versions of the Chrome browser. This vulnerability is tracked as CVE-2021-37973 and rated High severity.

This zero-day is due to a use-after-free error when processing HTML content within the Portals component. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger the use-after-free error, and execute arbitrary code on the system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability carries serious risk because it can be exploited over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.4 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No
