Google Deploys Emergency Chrome Patches for Two Actively Exploited Zero‑Days
Google issued emergency updates for Chrome to fix two critical zero‑day flaws that are already being weaponized in the wild. The first vulnerability allows an attacker to execute arbitrary code on a victim’s machine simply by delivering a maliciously crafted webpage. The second flaw lets a malicious browser extension break out of Chrome’s sandbox, giving the attacker direct access to the host operating system.
Both bugs provide a direct path to full system compromise, enabling data exfiltration, credential theft, and lateral movement across the network. Because Chrome is the most widely used browser in enterprise environments, successful exploitation can affect a large portion of an organization’s user base with minimal user interaction.
Defenders must prioritize deployment of the latest Chrome version across all endpoints, verify that the update has been applied, and monitor for known exploitation indicators such as suspicious web‑page redirects or unexpected extension activity. Additionally, enforce strict extension whitelisting and consider network‑level URL filtering to block known malicious sites that may attempt to trigger these exploits.
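A sketch of the "verify that the update has been applied" and extension-allowlist checks, run over an endpoint inventory export. This is an added example, not code from the article or from Google. The minimum version is a constructed placeholder because the article names no fixed build, and the record layout, extension IDs and finding names are assumptions.

```python
import re

# Constructed placeholder, NOT the real fixed build: the article gives no version
# number, so substitute the build named in Google's release notes.
MIN_PATCHED = "900.0.100.10"
# Constructed extension IDs (32 letters a-p) standing in for an approved list.
ALLOWED_EXTENSIONS = {"a" * 32, "b" * 32}
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a Chrome version as a tuple of four ints, or None if malformed."""
    text = (text or "").strip()
    if not _VERSION_RE.match(text):
        return None
    # Compare as integers: as strings, "99.0.1.1" sorts above "900.0.100.10".
    return tuple(int(part) for part in text.split("."))

def audit_host(record, min_patched=MIN_PATCHED, allowed=ALLOWED_EXTENSIONS):
    """Return a list of findings for one inventory record (empty means clean)."""
    findings = []
    minimum = parse_version(min_patched)
    if minimum is None:
        raise ValueError("min_patched must look like MAJOR.MINOR.BUILD.PATCH")
    installed = parse_version(record.get("chrome_version"))
    if installed is None:
        # Unknown is reported, so a broken inventory agent cannot hide a host.
        findings.append("version-unknown")
    elif installed < minimum:
        findings.append("chrome-outdated")
    for ext_id in sorted(set(record.get("extensions", [])) - set(allowed)):
        findings.append("extension-not-allowlisted:" + ext_id)
    return findings

def audit_fleet(inventory, **kwargs):
    """Map hostname -> findings, keeping only hosts that need attention."""
    results = {r["host"]: audit_host(r, **kwargs) for r in inventory}
    return {host: found for host, found in results.items() if found}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    {"host": "ws-001", "chrome_version": "900.0.100.10", "extensions": ["a" * 32]},
    {"host": "ws-002", "chrome_version": "99.0.1.1", "extensions": []},
    {"host": "ws-003", "chrome_version": "900.0.100.12", "extensions": ["c" * 32]},
    {"host": "ws-004", "chrome_version": "", "extensions": ["b" * 32]},
]

if __name__ == "__main__":
    for host, found in audit_fleet(SAMPLE_INVENTORY).items():
        print(host, ", ".join(found))
```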
Categories: Vulnerabilities & Exploits