Skip to main content
News

New Google Chrome Zero-Day Being Weaponized

By March 4, 2021November 10th, 2022No Comments
||

Google Chrome Zero-Day Being Weaponized

Google has released Chrome 89.0.4389.72 today to the Stable Channel and is impacting Windows, Linux and Mac OS.

Critical Chrome Vulnerability

Google has released Chrome 89.0.4389.72 today to the Stable Channel and is impacting Windows, Linux and Mac OS. CVE-2021-21148 has been marked as weaponized with active exploits taking place.

The Details

The Chrome 89.0.4389.72 release also contains a swathe of other security fixes and browser improvements.  In total, 47 bugs have been fixed, including a high-severity heap buffer overflow in TabStrip (CVE-2021-21159), another heap buffer overflow in WebAudio (CVE-2021-21160), and a use-after-free issue in WebRTC (CVE-2021-21162).

A total of eight vulnerabilities are considered high-severity.

Solution

Upgrade to the latest version of Chrome 89.0.4389.72 or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges.  Although the latest CVE carries a CVSS score of 8.8 (High Severity)  the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Leave a Reply