High-Severity Zero-day flaws in Chrome

Overview

Google has released a Chrome update to fix two zero-day vulnerabilities that appear to be actively exploited in the wild.
The two flaws are tracked under the Common Vulnerabilities and Exposures IDs CVE-2021-38000 and CVE-2021-38003. These are the 12th and 13th zero-day exploits discovered in 2021.

Impact

There has been no disclosure yet regarding the impacts, victims or possible threat actors behind the exploits. CVE numbers have been assigned but, at the time of writing, are reserved and contain no detail regarding their impact or severity. Given that the vulnerabilities were discovered while being actively exploited in the wild, the assigned severity is likely to be critical.

Vulnerability Detection

Those running Google Chrome version 95.0.4638.69 or higher are safe. Any version of Google Chrome prior to 95.0.4638.69 is at risk.
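For checking many machines at once, the comparison above can be scripted. The following is an added example, not part of the original bulletin: it compares versions as integer tuples, because plain string comparison misorders builds such as 95.0.4638.100 or 100.x against 95.0.4638.69. The hostnames and inventory format are constructed assumptions, and the threshold is applied to Google Chrome version strings only.

```python
import re

# Fixed version stated in this bulletin (Google Chrome only).
FIXED = (95, 0, 4638, 69)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'patched', 'at risk' or 'unknown' for a reported version string."""
    v = parse_version(text)
    if v is None:
        # No parseable version: follow up manually rather than assume safe.
        return "unknown"
    # Tuple comparison is numeric per component, left to right.
    return "patched" if v >= FIXED else "at risk"


def triage(inventory):
    """Map hostname -> status for a {hostname: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and values are made up).
SAMPLE = {
    "ws-001": "Google Chrome 95.0.4638.69",
    "ws-002": "94.0.4606.81",
    "ws-003": "95.0.4638.54",
    "ws-004": "100.0.4896.60",  # a string compare would rank "100" below "95"
    "ws-005": "95.0.4638.100",  # a string compare would rank ".100" below ".69"
    "ws-006": "",               # inventory agent returned nothing
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```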

Affected Products

Google Chrome – and likely any other browser based on the Chromium platform, such as Brave and Edge.

Containment, Mitigations & Remediations

To remediate or mitigate exploitation of these vulnerabilities, apply patches to bring your browser up to the latest version.
To check whether your browser is protected, do the following:
* Settings > Help > About > Check the Chrome version.

If you do not have the updated version, update your Chrome browser as follows:
* Open Chrome > At the top right, click More > Click Update Google Chrome (if you don’t see this button, you are on the latest version) > Click Relaunch.

If you believe that you may already have been compromised, it may be advisable to contact an organisation with Incident Response and Digital Forensics capabilities before updating the browser, in order to ensure the preservation of evidence.

Indicators of Compromise

There are no IoCs available at this time.

Threat Landscape

Attacks against Google Chrome are particularly effective and desirable to attackers because of the browser's widespread use and its availability across multiple Operating System (OS) platforms.

MITRE Methodologies

T1189 – Drive-by Compromise