Google has released an update for its Chrome web browser that fixes five security flaws, including a zero-day vulnerability known to be exploited by malicious actors. The bugs affect Windows, macOS and Linux versions of the browser.
If exploited, an attacker could take control of an affected system. In an update, Google said it was "aware of reports that an exploit for CVE-2021-21193 exists in the wild."
WeLiveSecurity reports that "a remote attacker could exploit the high-severity vulnerability by tricking an unsuspecting victim into visiting a specially crafted website, after which they could execute arbitrary code or even cause a denial-of-service attack on the vulnerable system."
Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says, “Chrome is by far the most popular browser across laptops, desktops, tablets, and most smartphones. The Chrome browser is used to access every cloud-based service that an organization uses such as Google Workspace, Zoom, Slack, and Salesforce.
Schless adds, "Google has been able to patch vulnerabilities quickly because Chrome is a cloud-based solution across Windows, Mac, Android, iOS, and other devices. This is a good example of why it’s important to use a cloud-based solution rather than legacy apps that are supported by on-premise infrastructure. If these vulnerabilities were found in an on-premise service, the onus would be on each organization’s administrators to manually run updates. The lag time between when a vulnerability is discovered and the patch is installed represents a window of opportunity for attackers to exploit the vulnerability, infiltrate the infrastructure, and steal valuable data.”
Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider, explains, “Attackers will continue targeting web browsers because this remains a great entry point to compromising endpoints inside of an organization. Browsers are a great way to deliver exploits across a variety of technologies supported by browser extensions and plugins. Web browsers tend to be patched faster in many organizations than other applications and packages. Extensions tend to be updated less frequently, with less enterprise controls enforced for hardening these additional attack surfaces.”