Friday, July 23, 2021

Google patches Chrome zero-day vulnerability exploited in the wild

Must Read

SonicWall firewall maker hacked Via Zero-Day Flaw in its products

SonicWall, who built the communications equipment, said on Friday night, he was investigating a security breach of his internal...

IBM has issued security patches to fix high- and medium-severity bugs

IBM has issued security patches to fix high- and medium-severity bugs affecting large business software solutions. The worst bugs could...

Cybercriminals are Doing Microsoft Exchange Exploitation by installing Cryptojacking

Cybercriminals continue to exploit Microsoft Exchange unpatched servers. Cybersecurity investigators at Sophos report an unknown attack after trying to...

Google has released today Stable version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bug fix for a Chrome zero-day vulnerability that was exploited in the wild.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the Google Chrome 88.0.4324.150 announcement reads.

The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

The vulnerability rated by Google as high severity is being tracked as CVE-2021-21148 and was reported by Mattias Buelens on January 24, 2021.

Two days after Buelens’ report, Google’s security team published a story about attacks carried out by North Korean hackers against the cyber-security community.

While buffer overflows generally lead to crashes, attackers can also be exploited to execute arbitrary code on systems running vulnerable software.

In a report on January 28, Microsoft said that attackers most likely used a Chrome zero-day for their attacks. In a statement published today, a South Korean security firm said they discovered an Internet Explorer zero-day used for these attacks.

No details on attacks exploiting the zero-day

Google did not say today if the CVE-2021-21148 zero-day was used in these attacks, although many security researchers believe it was so due to the two events’ proximity.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google adds.”We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

Before today’s patches, Google went through a spell last year where it patched five actively-exploited Chrome zero-days in three weeks.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This