On 30 March 2021, Google released Chrome version 89.0.4389.114 for Windows, Mac and Linux. The update addresses several high-severity vulnerabilities and will roll out over the next few days or weeks.
- The flaws are tracked as CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, and CVE-2021-21199.
- The most severe of the flaws could allow for arbitrary code execution in the context of the browser.
- Malicious actors could exploit the flaws by tricking a user into visiting a specially crafted web page.
- Depending on the privileges associated with the application, an attacker could view, change, or delete data.
- If the browser has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it were configured with administrative rights.
Why it’s important
- There is a high risk associated with browser vulnerabilities as threat actors often exploit them for malicious purposes.
- If you are using a vulnerable version of Chrome, update to the latest version as soon as it becomes available.
- Windows, Mac and Linux desktop users can upgrade by going to Settings->Help->About Google Chrome.
- Ensure that your organization has implemented least-privilege access control, so that each user's access rights are restricted to only the resources appropriate for that user.
References: Google Chrome Release