Skip to main content
Tag

Google Chrome

||

New Google Chrome Zero Day Weaponized

By Patch ManagementNo Comments

Google Chrome Zero-Day Is Being Weaponized

Google has released 98.0.4758.102 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS.  So far this year this is the first Google Zero Day version of the Chrome browser, on par with last year’s record cadence of 16 Weaponised versions throughout the year.  This vulnerability is being tracked under CVE-2022-0609 and are both Critical Severity.

A remote attacker can create a specially-crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges.  The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
February 16, 2022
Love0
||

Google Chrome Zero-Day Flaw Is Currently Being Weaponized

By Patch ManagementNo Comments

Google Chrome Zero-Day Is Currently Being Weaponized

A new Google Chrome zero-day allows a remote attacker to create a specially crafted web page and trigger a use-after-free error.

Google Chrome Zero-Day Is Being Weaponized

Google has released 95.0.4638.69 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS.  So far this year Google have released over 13 Zero Day versions of the Chrome browser so far.  This vulnerability is being tracked under CVE-2021-38000 and CVE-2021-38003 and are both Critical Severity.

A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

his vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges.  The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
November 3, 2021
Love0
||

Google Chrome Zero-Day Is Currently Being Weaponized

By Patch ManagementNo Comments

Google Chrome Zero-Day Is Currently Being Weaponized

A Chrome zero-day has emerged from a vulnerability in the ‘use-after-free’ error when processing HTML content in the Portals component.

Google Chrome Zero-Day Is Being Weaponized

Google has released 94.0.4606.61 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS.

This year Google has released 11 zero-day versions of the Chrome browser. This vulnerability is being tracked under CVE-2021-37973 as a High Severity.

This zero-day is due to a vulnerability in the ‘use-after-free’ error when processing HTML content within the Portals component. A remote attacker can create a specially-crafted website, trick the victim into visiting it, trigger a use-after-free error, and execute arbitrary code on the system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.4 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
September 27, 2021
Love0
||

New Google Chrome Zero-Day Bug Being Weaponized

By Patch ManagementNo Comments

New Google Chrome Zero-Day Bug Being Weaponized

A new Chrome vulnerability exists due to a boundary error when processing untrusted HTML content in V8 — protect yourself from attackers.

Chrome Zero-Day Is Currently Weaponized

Google has released 93.0.4577.82 today to the Stable Channel and is impacting Windows, Linux and Mac OS, fixing a total of 9 vulnerabilities.

This year Google have released 10 zero-day versions of Chrome. One of the bugs, tracked as CVE-2021-30632, is an out-of-bounds write which if exploited could compromise the entire system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8.  A remote attacker can create a specially crafted web page, trick the victim into opening it, and execute arbitrary code on the target system. This has been reported to be weaponized.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.8 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
September 14, 2021
Love0
||

Google Chrome Zero-Day Currently Being Weaponized

By Patch ManagementNo Comments

Google Chrome Zero-Day Currently Being Weaponized

Google has released 91.0.4472.114 today to the Stable Channel and is impacting Windows, Linux and Mac OS, fixing 4 vulnerabilities.

Chrome Zero-Day Is Currently Weaponized

Google has released 91.0.4472.114 today to the Stable Channel and is impacting Windows, Linux and Mac OS, fixing a total of 4 vulnerabilities. Google has released at least one zero-day version of Chrome each month in 2021.

One of the bugs, tracked as CVE-2021-30554, exists due to a use-after-free error within the WebGL component in Google Chrome.  A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system. and has been reported to be weaponized.

Solution

Upgrade to the latest version of Chrome or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges.  The CVE carries a CVSS score of 8.4 (High Severity)  the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
June 18, 2021
Love0
||

Google Chrome Vulnerability Being Weaponized

By Patch ManagementNo Comments

New Google Chrome Vulnerability Being Weaponized

A new Chrome vulnerability lets a remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Chrome Zero-Day Is Currently Weaponized

Google has released 91.0.4472.101 today to the Stable Channel and is impacting Windows, Linux and Mac OS, fixing a total of 14 vulnerabilities. This year Google released at least one zero-day version of Chrome each month.

One of the bugs, tracked as CVE-2021-30551, exists due to a use-after-free error within the BFCache component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system and has been reported to be weaponized.

Solution

Upgrade to the latest version of Chrome or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.7 (High Severity)  the vulnerability is being weaponized.

This vulnerability if exposed, has a Scope (Jump Point) of True, which means it can be used to transfer into another part of the system making this more serious.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Yes

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
June 10, 2021
Love0
||

Google Chrome Vulnerability Being Weaponized

By Patch ManagementNo Comments

Google Chrome Vulnerability Being Weaponized

A new Chrome use-after-free memory corruption flaw that affects Adobe Reader for Windows has been reported to be weaponized.

Chrome Zero-Day Is Currently Weaponized

Google has released Chrome_v9 90.0.4430.212 today to the Stable Channel and is impacting Windows, Linux and Mac OS, fixing a total of 43 vulnerabilities. So far this year, Google released at least one zero-day version of Chrome each month.

One of the bugs, tracked as CVE-2021-28550, is a use-after-free memory corruption flaw that affects Adobe Reader for Windows that has been reported to be weaponized.

Solution

Upgrade to the latest version of Chrome or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges.  The CVE carries a CVSS score of 7.8 (High Severity)  the vulnerability is being weaponized.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
May 13, 2021
Love0
||

Google Fixes Exploited Chrome Zero-Day Flaw

By Patch ManagementNo Comments

Google Fixes Exploited Chrome Zero-Day Flaw

A new Chrome zero-day vulnerability is being exploited due to a type confusion error within the V8 browser engine.

Google Warns of Newly Exploited Zero-Day Flaw

Google has released Chrome_v90.0.4430.85 today to the Stable Channel and is impacting Windows, Linux and Mac OS, fixing a total of 7 vulnerabilities. This year, Google has released at least one zero-day version of Chrome each month.

The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to Resolve the Chrome Zero-Day

Upgrade to the latest version of Chrome or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges.  The CVE carries a CVSS score of 8.8 (High Severity)  the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
April 21, 2021
Love0
||

Google Rushes Out Fix for Weaponized Chrome Zero-Day

By Patch ManagementNo Comments

Google Chrome Zero-Day Being Weaponized

A new Chrome vulnerability allows a remote attacker to create a webpage, trick the victim into visiting it, and execute arbitrary code.

Google Warns of New Zero-Day

Google has released Chrome_v89.0.4389.90 to the Stable Channel for Windows, Linux and Mac OS, fixing a total of 8 vulnerabilities. Google has released three zero-day versions of Chrome this year.

The vulnerability exists due to a use-after-free error within Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to Resolve the Chrome Zero-Day

Upgrade to the latest version of Chrome_v89.0.4389.90 or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges. Although the latest CVE carries a CVSS score of 8.4 (High Severity), the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
March 17, 2021
Love0
||

New Google Chrome Zero-Day Being Weaponized

By NewsNo Comments

Google Chrome Zero-Day Being Weaponized

Google has released Chrome 89.0.4389.72 today to the Stable Channel and is impacting Windows, Linux and Mac OS.

Critical Chrome Vulnerability

Google has released Chrome 89.0.4389.72 today to the Stable Channel and is impacting Windows, Linux and Mac OS. CVE-2021-21148 has been marked as weaponized with active exploits taking place.

The Details

The Chrome 89.0.4389.72 release also contains a swathe of other security fixes and browser improvements.  In total, 47 bugs have been fixed, including a high-severity heap buffer overflow in TabStrip (CVE-2021-21159), another heap buffer overflow in WebAudio (CVE-2021-21160), and a use-after-free issue in WebRTC (CVE-2021-21162).

A total of eight vulnerabilities are considered high-severity.

Solution

Upgrade to the latest version of Chrome 89.0.4389.72 or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as this can be exposed over any network, with low complexity and without privileges.  Although the latest CVE carries a CVSS score of 8.8 (High Severity)  the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
March 4, 2021
Love0