Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30480 PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194 PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195 PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21196 PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21197 PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
User Rank: Ninja
1/24/2018 | 9:48:30 PM
But, of course, for all anyone knows, the vulnerability has already been exploited in the wild (and, if so, very possibly even by nation-state actors, who would probably be the best poised to have known about the vulnerability and have done so -- especially without you finding out about it).
Sure, good coordination has to go into vulnerability announcements and patch processes, but because this particular vulnerability is so disastrous and severe, it would be hard for much of the population to not take a Chicken Little approach here. It's a pretty bad vulnerability.