April 17, 2022 

Google Chrome 0-Day Vulnerability Exploited in the Wild

Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. 

The updated version is 100.0.4896.127 for Windows, Mac and Linux. 

The Vulnerability

• CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8 JavaScript engine. 

While type confusion vulnerabilities typically cause browser crashes when successfully
exploited by reading or writing memory outside of buffer bounds, they can also be used to execute arbitrary code. 

Affected Products

Chrome for Desktop prior to version 100.0.4896.127. 

Mitigation

CYREBRO recommends updating the browser to the latest Chrome version, 100.0.4896.127 for Windows, Mac and Linux. 

References: Google Advisory