Due to a security vulnerability, both Google Chrome and Microsoft Edge could become a target for cyberattacks. We’ll get to the heart of what exactly happened and how you can best protect yourself against it.
In a post dated September 24, 2021, Chrome developers from Google Project Zero pointed out a vulnerability (CVE-2021-37973, rated “high”) and the attacks that could result from it. The vulnerability is in the Portals application programming interface (API). Since this belongs to Chromium – the open-source variant of the browser – browsers from other manufacturers based on this variant are also affected: for example, Microsoft Edge, the web browser from Windows manufacturer Microsoft.
What are the dangers for my company?
Attackers can exploit the vulnerability remotely to access information, execute arbitrary program code, perform denial-of-service attacks and install malware. There are also warnings of other unspecified attacks. Attackers need no specific privileges to exploit the vulnerability; it only requires user interaction, such as clicking a link.
According to the German Federal Office for Information Security (BSI), Google has already closed several vulnerabilities in Chrome.
What you can do – Perseus recommends:
- Outdated browser versions are a huge security risk and a gateway for criminal hackers. We recommend that you regularly run the Perseus Browser Check from our toolbox. This will tell you whether your company’s browser is up to date.
- Close the security gap by installing the security updates provided by the manufacturers.
- If you have any further questions, the Perseus team of experts will be happy to help.