On Thursday evening, Google released yet another emergency update to patch eight vulnerabilities, two of which are high severity zero-days, for Windows, macOS, and Linux. Google Chrome versions prior to 95.0.4638.69 are vulnerable, so update as soon as possible.
CVE-2021-38000 and CVE-2021-38003 are both actively exploited zero-day vulnerabilities.
- CVE-2021-38000 is a high severity “insufficient validation of untrusted input in Intents” vulnerability. Intents is a component of Google Chrome that enables web applications to register as a service to provide specific types of functionality to other client web apps that request it. The Chrome browser mediates the connection. The vulnerability appears to involve the validation of these web app requests.
Chrome Patching Action Required
Google has released Chrome version 95.0.4638.69, which addresses the zero-days for Windows, macOS, and Linux. Since the update includes two zero-days that are being actively exploited in the wild, we strongly recommend patching as soon as possible.
Patch your devices immediately via the Software menu, simply by searching for the Chrome version (95.0.4638.69) and selecting “Patch Now” to instantly remediate. Make sure to scan your devices prior to searching for the update, so that Automox detects it. You’ll need to “Patch Now” for macOS, Windows, and Linux separately with this methodology if you have devices running any of the three OSes with Chrome installed.
If you don’t have an existing policy to patch Chrome, you can create a patch-only policy to update Chrome across Windows, macOS, and Linux. There is no need to insert a schedule if you plan to run the policy manually, though we recommend creating a recurring schedule to automate your patching.
Once you create the policy, you can run it manually from the policy menu to instantly remediate.
Google notes that the update is being rolled out in the coming days/weeks, so we recommend a recurring patch policy to ensure devices are patched as the update becomes available to them.