Google has recently rolled out an urgent Chrome update to fix a zero-day. This update includes no other improvements besides the bug fix. Since the vulnerability is under active exploitation, users must ensure updating their systems at the earliest.
Google Chrome Zero-Day
Security researcher Mattias Buelens has caught a zero-day affecting Google Chrome browser that is under active attack.
While not many details about the bug are out yet, it seems that the recent campaign by North Korean hackers targeting the security community exploited this bug.
As elaborated in the Google Threat Analysis Group blog post, the campaign lured the researchers via social media into executing dangerous exploits.
Besides, Microsoft has also shared the details about what they identified as ZINC attacks in their report.
Google shared this report a day after Buelens reported the under attack zero-day to the tech giant.
As for the bug, Google’s advisory describes it as a heap buffer overflow in V8. It has received the CVE ID CVE-2021-21148 and a high-severity rating.
Patch Deployed
Google has recently released the fix addressing this bug with the release of Chrome 88.0.4324.150 for Windows, Mac, and Linux.
Given that the bug is under active exploitation, Google hasn’t shared any details yet. This is to let a majority of Chrome users update their systems with the fix.
The recent report marks the first zero-day in Chrome browser for 2021.
Previously, Google patched back-to-back zero-day vulnerabilities in the Chrome browser in late 2020. At that time too, Google had to deploy urgent fixes to address the bugs as they were under active attack.
To check the current browser version, users should follow this path after opening the browser on their respective devices: Menu > Help > About Google Chrome. Verify that your device is running version 88.0.4324.150. If not, it should receive the update this way.
Let us know your thoughts in the comments.