Microsoft Chromium-Based Vulnerabilities

Microsoft Chromium-Based Vulnerabilities

Two zero-day vulnerabilities affecting Chromium-based products have been released by Microsoft (No CVSS scores have been assigned by NIST and Microsoft yet).

Affected Systems

Chromium-based products (Chrome, Microsoft Edge, etc.)

IoC’s

-

Recommended Solution(s)

It is recommended that users update the above-mentioned applications to the latest version as soon as possible in order not to be affected by these vulnerabilities (For instance, for Chromium, you can update by clicking on Settings => Help => About Google Chrome.

CVE / CWE

CVE-2021-38003
CVE-2021-38000

Related Website(s)

• https://thehackernews.com/2021/10/google-releases-urgent-chrome-update-to.html
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38003
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38000

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.