Google had said that the bug was exploited in the wild before a security researcher named Mattias Buelens reported the issue to Google on January 24. Just two days after Buelens' report, Google's security team published a report about attacks carried out by North Korean hackers against the cyber-security community. According to reports, some of these attacks consisted of luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems.
In a report on January 28, Microsoft said that attackers most likely used a Chrome zero-day for their attacks. ZDNet cited a South Korean security firm as saying that it had discovered an Internet Explorer zero-day used in these attacks as well.
While Google did not mention whether the CVE-2021-21148 zero-day was used in these attacks, users are advised to use Chrome's built-in update feature to upgrade their browser to the latest version as soon as possible.