Google has patched a zero-day vulnerability in the Chrome web browser for desktop that it says is being actively exploited in the wild.
The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the company said in a statement.
The security flaw was reported to Google by Mattias Buelens on January 24.
Earlier, on February 2, Google resolved six issues in Chrome, including one critical use-after-free vulnerability in Payments (CVE-2021-21142) and four high-severity flaws in the Extensions, Tab Groups, Fonts, and Navigation features.
While it is typical of Google to limit details of a vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft disclosed attacks carried out by North Korean hackers against security researchers, using an elaborate social engineering campaign to install a Windows backdoor.
With some researchers infected simply by visiting a fake research website on fully patched systems running Windows 10 and the Chrome browser, Microsoft, in a report published on January 28, had hinted that the attackers likely leveraged a Chrome zero-day to compromise the systems.
While it is not immediately clear if CVE-2021-21148 was used in these attacks, the timing of the revelations and the fact that Google’s advisory came out just one day after Buelens reported the issue imply they could be related.
In a separate technical write-up, South Korean cybersecurity firm ENKI said the North Korean state-sponsored hacking group known as Lazarus made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.
“The secondary payload consists of the attack code that attacks the vulnerability of the Internet Explorer browser,” ENKI researchers said.
It is worth noting that Google last year fixed five Chrome zero-days that were actively exploited in the wild in a span of one month between October 20 and November 12.
Some parts of this article are sourced from:
thehackernews.com