Google notes that the update is being rolled out in the coming days/weeks, so we recommend a recurring patch policy to ensure devices are patched as the update becomes available to them. Once you create the policy, you can run it manually from the policy menu to instantly remediate. Though we recommend creating a recurring schedule to automate your patching. No need to insert a schedule if you plan to run the policy manually. If you don’t have an existing policy to patch Chrome, you can create a patch only policy to update Chrome across Windows, macOS, and Linux. You’ll need to “Patch Now” for macOS, Windows, and Linux separately with this methodology if you have devices running any of the three OSes with Chrome installed. ![]() Make sure to scan your devices prior to searching for the update, so that Automox detects it. Patch your devices immediately via the Software menu, simply by searching for the Chrome version (.69) and selecting “Patch Now” to instantly remediate. ![]() Since the update includes two zero-days that are being actively exploited in the wild, we strongly recommend patching as soon as possible. 69, which addresses the zero-days for Windows, macOS, and Linux. Depending on the privileges associated with the application, an attacker could view, change, or delete data. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. CVE-2021-38003 is a high severity “inappropriate implementation in V8” vulnerability, the open source JavaScript and WebAssembly engine for Chrome.This vulnerability appears to exploit the validation of these web app requests. The Chrome browser mediates the connection. The “Intents” is a component of Google Chrome that enables web applications to register as a service to provide specific types of functionality to other client web apps that request request it. CVE-2021-38000 is a high severity “insufficient validation of untrusted input in Intents” vulnerability. ![]() ![]() 69 are vulnerable, so update as soon as possible.ĬVE-2021-38000 and CVE-2021-38003 are both actively exploited zero-day vulnerabilities. On Thursday evening, Google released yet another emergency update to patch eight vulnerabilities, two of which are high severity zero-days, for Windows, macOS, and Linux.
0 Comments
Leave a Reply. |