Google Chrome Zero-Day Being Weaponized
Google has released Chrome 89.0.4389.72 to the Stable Channel today. The release affects Windows, Linux and Mac OS.

Critical Chrome Vulnerability
CVE-2021-21148 has been marked as weaponized, with active exploits taking place.
The Details
The Chrome 89.0.4389.72 release also contains a swathe of other security fixes and browser improvements. In total, 47 bugs have been fixed, including a high-severity heap buffer overflow in TabStrip (CVE-2021-21159), another heap buffer overflow in WebAudio (CVE-2021-21160), and a use-after-free issue in WebRTC (CVE-2021-21162).
A total of eight vulnerabilities are considered high-severity.
Solution
Upgrade to Chrome 89.0.4389.72 or later using Syxsense Secure.
Syxscore Risk Alert
This vulnerability carries significant risk because it can be exploited over any network, with low complexity and without privileges. Although the latest CVE carries a CVSS score of 8.8 (High Severity), the vulnerability is being weaponized.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): No