• Zero days in browser

    Posted on October 28, 2021 at 18:53 CDT by Comment in the Forums

    Whether or not you’ve installed the October updates, make sure your Chrome – and even Edge – browser is up to date.

    Two in-the-wild 0-days patched by Chrome: CVE-2021-38000 and CVE-2021-38003.

    Regardless of how you patch the underlying operating system, you want to make sure your browser is fully patched.

    Another operating system zero day was announced but I’m not as concerned about it. Given that “the exploit requires a threat actor to know another user’s user name and password to trigger the vulnerability, so it will likely not be widely abused in attacks“… this is one of those they need to get into your system or harvest information first. Thus it’s more of a business/enterprise risk for when the attacker is already in the network and has harvested credentials in the network per my read.

    Edit on 10-29-2021 – Edge’s Chromium update is now out.

    Windows Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.