New Google Chrome Zero-Day Being Weaponized

Google Chrome Zero-Day Being Weaponized

Critical Chrome Vulnerability

Google has released Chrome 89.0.4389.72 today to the Stable Channel and is impacting Windows, Linux and Mac OS. CVE-2021-21148 has been marked as weaponized with active exploits taking place.

The Details

The Chrome 89.0.4389.72 release also contains a swathe of other security fixes and browser improvements.  In total, 47 bugs have been fixed, including a high-severity heap buffer overflow in TabStrip (CVE-2021-21159), another heap buffer overflow in WebAudio (CVE-2021-21160), and a use-after-free issue in WebRTC (CVE-2021-21162).

A total of eight vulnerabilities are considered high-severity.


Upgrade to the latest version of Chrome 89.0.4389.72 or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges.  Although the latest CVE carries a CVSS score of 8.8 (High Severity)  the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.