Google patches an actively exploited Chrome zero-day

Google has launched today edition 88..4324.150 of the Chrome browser for Home windows, Mac, and Linux. Today’s launch is made up of only 1 bugfix for a zero-working day vulnerability that was exploited in the wild.

The zero-working day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

Google stated the bug was exploited in attacks in the wild just before a protection researcher named Mattias Buelens documented the issue to its engineers on January 24.

Two times following Buelens’ report, Google’s stability workforce printed a report about assaults carried out by North Korean hackers against the cyber-stability group.

Some of these assaults consisted of luring protection scientists to a web site in which the attackers exploited browser zero-days to operate malware on researchers’ techniques.

In a report on January 28, Microsoft explained that attackers most possible employed a Chrome zero-working day for their attacks. In a report printed today, South Korean safety firm stated they discovered an Net Explorer zero-working day used for these assaults as very well.

Google did not say right now if the CVE-2021-21148 zero-working day was used in these assaults, though a lot of security scientists imagine it was so thanks to the proximity of the two gatherings.

But regardless of how this zero-working day was exploited, standard consumers are recommended to use Chrome’s designed-in update characteristic to update their browser to the latest edition as quickly as possible. This can be uncovered through the Chrome menu, Help alternative, and About Google Chrome section.

Right before present-day patches, Google went through a spell previous yr wherever it patched 5 actively-exploited Chrome zero-days in a span of three weeks.