Otto background

Google Issues Emergency Chrome Update to Patch Zero-Days

On Thursday evening, Google released yet another emergency update to patch eight vulnerabilities, two of which are high severity zero-days, for Windows, macOS, and Linux. Google Chrome versions prior to 95.0.4638.69 are vulnerable, so update as soon as possible.

CVE-2021-38000 and CVE-2021-38003 are both actively exploited zero-day vulnerabilities.

  • CVE-2021-38000 is a high severity “insufficient validation of untrusted input in Intents” vulnerability. The “Intents” is a component of Google Chrome that enables web applications to register as a service to provide specific types of functionality to other client web apps that request request it. The Chrome browser mediates the connection. This vulnerability appears to exploit the validation of these web app requests.
  • CVE-2021-38003 is a high severity “inappropriate implementation in V8” vulnerability, the open source JavaScript and WebAssembly engine for Chrome. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.

Chrome Patching Action Required

Google has released Chrome version 95.0.4638.69, which addresses the zero-days for Windows, macOS, and Linux. Since the update includes two zero-days that are being actively exploited in the wild, we strongly recommend patching as soon as possible.

Patch your devices immediately via the Software menu, simply by searching for the Chrome version (95.0.4638.69) and selecting “Patch Now” to instantly remediate. Make sure to scan your devices prior to searching for the update, so that Automox detects it. You’ll need to “Patch Now” for macOS, Windows, and Linux separately with this methodology if you have devices running any of the three OSes with Chrome installed.

Automox screengrab patch Chrome zero-day vulnerabilities

If you don’t have an existing policy to patch Chrome, you can create a patch only policy to update Chrome across Windows, macOS, and Linux. No need to insert a schedule if you plan to run the policy manually. Though we recommend creating a recurring schedule to automate your patching.

Automox screengrab Chrome zero-day vulnerability policy

Once you create the policy, you can run it manually from the policy menu to instantly remediate.

Automox screengrab Chrome Zero Day remediation

Patching Recommendation

Google notes that the update is being rolled out in the coming days/weeks, so we recommend a recurring patch policy to ensure devices are patched as the update becomes available to them.

Continue Reading

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day. 

Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.