Google has released version 88.0.4324.150 of its Google Chrome browser for Windows, Mac, and Linux. The latest update for Chrome comes with an important fix for a zero-day vulnerability that is said to have been exploited actively. The zero-day vulnerability, which was identified as ‘CVE-2021-21148’ was described as a “head overflow” memory corruption bug in the V8 JavaScript engine. The Chrome update does not bring any changes to the browser apart from the fix for the zero-day vulnerability.
Google had said that the bug was exploited in the wild before a security researcher named Mattias Buelens reported the issue to Google on January 24. Just two days after Buelens’ report, Google’s security team published a report about attacks carried out by North Korean hackers against the cyber-security community. According to reports, some of these attacks consisted of luring security researchers to a blog where the attacker exploited the browser’s zero-days to run malware on the researcher’s systems.
In a report on January 28, Microsoft said that attackers most likely used a Chrome zero-day for their attacks. A South Korean security firm was cited by ZDNet in a report as saying that they discovered an Internet Explorer zero-day used for these attacks as well.
Now, while Google did not mention if the CVE-2021-21148 zero-day was used in these attacks, users are advised to use Chrome’s built-in update feature to upgrade their browser to the latest version as soon as possible.
Read all the Latest News, Breaking News and Coronavirus News here
Comments
0 comment