Google Chrome Zero-Day Being Weaponized
Critical Chrome Vulnerability
Google has released Chrome 89.0.4389.72 to the Stable Channel today. The release affects Windows, Linux and Mac OS. CVE-2021-21148 has been marked as weaponized, with active exploits taking place.
The Details
The Chrome 89.0.4389.72 release also contains a swathe of other security fixes and browser improvements. In total, 47 bugs have been fixed, including a high-severity heap buffer overflow in TabStrip (CVE-2021-21159), another heap buffer overflow in WebAudio (CVE-2021-21160), and a use-after-free issue in WebRTC (CVE-2021-21162).
A total of eight vulnerabilities are considered high-severity.
Solution
Upgrade to Chrome 89.0.4389.72 or later using Syxsense Secure.
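To confirm that the upgrade has reached every endpoint, reported Chrome versions can be compared numerically against the fixed build. The following is an added example, not Syxsense's code: the host names and version strings are constructed, and it assumes versions arrive as text in the form Chrome prints them (for example from `google-chrome --version` on Linux).

```python
import re

# Fixed release named in the advisory above.
FIXED = (89, 0, 4389, 72)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 88.0.4324.190 ' and return it as a tuple of ints."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(part) for part in m.groups())


def needs_update(text, fixed=FIXED):
    """True when the reported version is older than the fixed release.
    Unparseable input is flagged too, so unknown hosts are not skipped."""
    version = parse_version(text)
    return version is None or version < fixed


def audit(inventory):
    """Return the sorted host names whose Chrome build is below FIXED."""
    return sorted(h for h, reported in inventory.items() if needs_update(reported))


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "win-01": "Google Chrome 88.0.4324.190 ",
    "mac-02": "Google Chrome 89.0.4389.72 ",
    "lin-03": "Google Chrome 89.0.4389.9 ",    # a string compare calls this newer
    "lin-04": "Google Chrome 100.0.4896.60 ",  # a string compare calls this older
    "win-05": "chrome not found",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update to {'.'.join(map(str, FIXED))} or later")
```

Comparing the parts as integers matters here: a plain string comparison would rank 89.0.4389.9 above 89.0.4389.72 and 100.x below 89.x.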
Syxscore Risk Alert
This vulnerability carries significant risk because it can be exposed over any network, with low complexity and without privileges. Although the latest CVE carries a CVSS score of 8.8 (High Severity), the vulnerability is being weaponized.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): No