Google Chrome Zero-Day Is Currently Being Weaponized

Google has released Chrome 94.0.4606.61 to the Stable Channel today to resolve serious issues affecting Windows, Linux and macOS.

This year Google has released 11 zero-day fixes for the Chrome browser. This vulnerability is tracked as CVE-2021-37973 and rated High severity.

This zero-day is a use-after-free error in the Portals component that occurs when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger the use-after-free error, and execute arbitrary code on the system.

What’s the solution?

Upgrade to the latest version of the Chrome Stable channel using Syxsense Secure.
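To confirm the upgrade actually landed, the reported Chrome version on each endpoint can be compared against the fixed build 94.0.4606.61. The following is an added example, not code from Google or Syxsense; the inventory format and host names are constructed, and treating every lower build as needing the update is an assumption, since the page does not list affected ranges.

```python
import re

FIXED = (94, 0, 4606, 61)  # fixed Stable build named in this advisory

# Four-part Chrome version, wherever it appears in the reported string
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if unparseable."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Return 'patched', 'needs_update' or 'unknown' for one reported version."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no usable version: follow up manually
    # Numeric tuple comparison; comparing the raw strings would rank
    # "100.0..." below "94.0..." and misreport newer builds.
    return "patched" if v >= FIXED else "needs_update"

def audit(inventory):
    """Group hosts by status; inventory maps host name -> reported version."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for host, reported in inventory.items():
        report[classify(reported)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (hypothetical hosts and reported strings)
SAMPLE_INVENTORY = {
    "win-ws-01": "Google Chrome 94.0.4606.61",
    "win-ws-02": "Google Chrome 94.0.4606.54",
    "mac-lt-07": "Google Chrome 93.0.4577.82",
    "lin-dev-03": "Google Chrome 94.0.4606.71 ",
    "lin-dev-04": "Google Chrome 100.0.4896.60",
    "kiosk-11": "",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Chrome applies a downloaded update only after the browser restarts, so the version should be collected from the running browser rather than from the installer's record.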

Syxscore Risk Alert

This vulnerability poses a serious risk because it can be exploited over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.4 (High severity), and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No
