Vulnerability makes Google Chrome and Microsoft Edge vulnerable

27.09.2021

Vulnerability makes Google Chrome and Microsoft Edge vulnerable – fix it now

Due to a security vulnerability, both Google Chrome and Microsoft Edge could become the target for cyberattacks. We get to the heart of what exactly happened and how you can best protect yourself from it.

What happened?

In a post on September 24, 2021, Chrome developers from Google Project Zero pointed out a security vulnerability (CVE-2021-37973 “high”) and possible resulting attacks. The vulnerabilities are located in the Portals application programming interface (API). Since this belongs to Chromium – the open-source variant of the browser – browsers based on this variant from other manufacturers are also affected: for example, Microsoft Edge, the web browser of the Windows manufacturer Microsoft.

What are the dangers for my company?

The vulnerability can be used remotely by attackers to access information, extract arbitrary program code, perform denial-of-service attacks, and install malware. It also warns of other, unspecified attacks. No specific privileges are required for the attackers to exploit the vulnerability. It only requires the interaction of the users, for example the click of a link.

According to the German Federal Office for Information Security (BSI), Google has already closed several vulnerabilities in Chrome.

What you can do – Perseus recommends:

Outdated browser versions are an enormous security risk and gateway for criminal hackers. We recommend that you perform the Perseus Browser Check from our toolbox regularly. This will let you know if your company’s browser is up to date.
Close the vulnerability by installing the security updates provided by the manufacturers.
If you have any further questions, the Perseus team of experts will be happy to assist you.