April 19, 2024


Google patches an actively exploited Chrome zero-day


Google today released version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. The release consists of only one bugfix, for a zero-day vulnerability that was exploited in the wild.

The zero-day, which was assigned the identifier CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

Google said the bug was exploited in attacks in the wild before a security researcher named Mattias Buelens reported the issue to its engineers on January 24.

Two days after Buelens’ report, Google’s security team published a report about attacks carried out by North Korean hackers against the cyber-security community.

Some of these attacks consisted of luring security researchers to a blog where the attackers exploited browser zero-days to run malware on researchers’ systems.

In a report on January 28, Microsoft said that attackers most likely used a Chrome zero-day for their attacks. In a report published today, a South Korean security firm said it discovered an Internet Explorer zero-day used for these attacks as well.

Google did not say today if the CVE-2021-21148 zero-day was used in these attacks, though many security researchers believe it was, due to the proximity of the two events.

But regardless of how this zero-day was exploited, regular users are advised to use Chrome’s built-in update feature to update their browser to the latest version as soon as possible. This can be found via the Chrome menu, Help option, and About Google Chrome section.
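For administrators who need to confirm the update across many machines rather than one browser, the version check can be scripted. This is an added example, not part of the original article; it assumes version strings in the form printed by `chrome --version`, and the host names and inventory are constructed.

```python
import re

# Patched build named in the article; anything lower still lacks the fix.
FIXED = (88, 0, 4324, 150)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version tuple from `--version` style output, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(text, fixed=FIXED):
    """True if the reported version is below the fixed build, None if unparseable.

    Comparison is done on integer tuples: a plain string comparison would rank
    "88.0.4324.96" above "88.0.4324.150" and wrongly report it as patched.
    """
    version = parse_version(text)
    return None if version is None else version < fixed


def audit(inventory):
    """Map each host to 'update', 'ok' or 'unknown' (unknown = investigate by hand)."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(raw)] for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and collected output).
SAMPLE = {
    "ws-01": "Google Chrome 88.0.4324.150",
    "ws-02": "Google Chrome 88.0.4324.96",
    "ws-03": "Google Chrome 87.0.4280.141",
    "ws-04": "Google Chrome 89.0.4389.23 beta",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parseable version and should be checked manually rather than assumed patched.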

Before today’s patches, Google went through a spell last year where it patched five actively-exploited Chrome zero-days in a span of three months.