Google has patched a zero-day vulnerability in the Chrome web browser for desktop that it says is being actively exploited in the wild.
The company released 88..4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.
“Google is informed of experiences that an exploit for CVE-2021-21148 exists in the wild,” the company said in a statement.
The security flaw was reported to Google by Mattias Buelens on January 24.
Previously, on February 2, Google resolved six issues in Chrome, including one critical use-after-free vulnerability in Payments (CVE-2021-21142) and four high-severity flaws in Extensions, Tab Groups, Fonts, and Navigation features.
While it is typical of Google to restrict details of a vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft disclosed attacks carried out by North Korean hackers against security researchers, using an elaborate social engineering campaign to install a Windows backdoor.
With some researchers infected simply by visiting a fake research website on fully patched systems running Windows 10 and the Chrome browser, Microsoft, in a report published on January 28, had hinted that the attackers likely leveraged a Chrome zero-day to compromise the devices.
While it is not immediately clear if CVE-2021-21148 was used in these attacks, the timing of the revelations and the fact that Google's advisory came out just one day after Buelens reported the issue implies they could be linked.
In a separate technical write-up, South Korean cybersecurity firm ENKI said the North Korean state-sponsored hacking group known as Lazarus made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.
“The secondary payload consists of the attack code that attacks the vulnerability of the Internet Explorer browser,” ENKI researchers claimed.
It is worth noting that Google last year fixed five Chrome zero-days that were actively exploited in the wild in a span of a single month between October 20 and November 12.
Some parts of this article are sourced from:
thehackernews.com