Summary: Google has reported two zero-day vulnerabilities in its Chrome web browser that are currently being exploited by unscrupulous actors. Patches are available to remediate them.

What is it? Zero-day vulnerabilities are vulnerabilities that are not known to have been reported or discovered, or for which a patch has not yet been made. These vulnerabilities currently impact Windows, macOS, and Linux operating environments. They are tracked as Common Vulnerabilities and Exposures (CVEs), which are identified by year and vulnerability number.

CVE-2021-38000 and CVE-2021-38003: These vulnerabilities allow a remote attacker to compromise the exposed system due to insecure implementation in Chrome’s JavaScript engine, V8.

Mitigation: Update to version 95.0.4638.69. All versions prior to 95.0.4638.69 are vulnerable to the CVEs listed above. To install the update, go to Chrome -> Help -> About Google Chrome. Here you will see your current version and patch availability.

Step 1: Go to the top right of any Chrome browser and click “Update”.

Step 2: Go to “About Google Chrome” to verify the version and available software for patching.

Step 3: Apply the patch and “Relaunch” Google Chrome.
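
To check many machines against the fixed version instead of opening About Google Chrome on each one, the comparison can be scripted. The following is an added example, not part of the original advisory; the inventory format (host name, then the reported version text) and the host names are assumptions constructed for illustration.

```python
import re

# Fixed release named in the advisory; anything lower is treated as vulnerable.
FIXED = (95, 0, 4638, 69)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def status(text):
    """Classify a reported version string as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no version found: needs a manual check, not a pass
    # Tuple comparison is numeric per component, so 4638.100 > 4638.69
    # (a plain string comparison would get that wrong).
    return "patched" if v >= FIXED else "vulnerable"

def audit(inventory_csv):
    """Map each host in 'host,version text' lines to its status."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, _, reported = line.partition(",")
        results[host.strip()] = status(reported)
    return results

# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE = """
ws-01,Google Chrome 95.0.4638.69
ws-02,Google Chrome 95.0.4638.54
ws-03,Version 94.0.4606.81 (Official Build) (64-bit)
ws-04,Google Chrome 95.0.4638.100
ws-05,not installed
"""

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(f"{host}: {state}")
```

Hosts reported as "unknown" should be checked by hand, since a missing version string does not mean Chrome is absent or patched.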

Please contact your ECC IT service lead at (301) 337-3100 if you have any questions about this CVE and any other security-related considerations pertaining to your IT environment.