News18» News»Tech»Google Releases Chrome Update That Patches a Zero-Day Vulnerability
1-MIN READ

Google Releases Chrome Update That Patches a Zero-Day Vulnerability

Google Chrome.

Google Chrome.

The zero-day vulnerability, which was identified as 'CVE-2021-21148' was described as a "head overflow" memory corruption bug in the V8 JavaScript engine.

Google has released version 88.0.4324.150 of its Google Chrome browser for Windows, Mac, and Linux. The latest update for Chrome comes with an important fix for a zero-day vulnerability that is said to have been exploited actively. The zero-day vulnerability, which was identified as 'CVE-2021-21148' was described as a "head overflow" memory corruption bug in the V8 JavaScript engine. The Chrome update does not bring any changes to the browser apart from the fix for the zero-day vulnerability.

Google had said that the bug was exploited in the wild before a security researcher named Mattias Buelens reported the issue to Google on January 24. Just two days after Buelens' report, Google's security team published a report about attacks carried out by North Korean hackers against the cyber-security community. According to reports, some of these attacks consisted of luring security researchers to a blog where the attacker exploited the browser's zero-days to run malware on the researcher's systems.

In a report on January 28, Microsoft said that attackers most likely used a Chrome zero-day for their attacks. A South Korean security firm was cited by ZDNet in a report as saying that they discovered an Internet Explorer zero-day used for these attacks as well.

Now, while Google did not mention if the CVE-2021-21148 zero-day was used in these attacks, users are advised to use Chrome's built-in update feature to upgrade their browser to the latest version as soon as possible.

RELATED NEWS