Friday, October 15, 2021

Google patches Chrome zero-day vulnerability exploited in the wild

Must Read

China Released New Law Regarding vulnerability disclosure rules

The Cyberspace Administration of China (CAC) Released a New Law Regarding vulnerability disclosure rules that mandate security researchers to...

Emotet Returns as Top Malware Threat in December

The notorious Emotet Trojan is back on peak of the malware graphs, having had a makeover designed to make...

Chinese hackers had access to U.S. hacking tools and cloned an attack tool

Chinese threat actors "cloned" and used a Windows zero-day exploit stolen from the NSA's Equation Group for years before...

Google has released today Stable version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bug fix for a Chrome zero-day vulnerability that was exploited in the wild.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the Google Chrome 88.0.4324.150 announcement reads.

The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

The vulnerability rated by Google as high severity is being tracked as CVE-2021-21148 and was reported by Mattias Buelens on January 24, 2021.

Two days after Buelens’ report, Google’s security team published a story about attacks carried out by North Korean hackers against the cyber-security community.

While buffer overflows generally lead to crashes, attackers can also be exploited to execute arbitrary code on systems running vulnerable software.

In a report on January 28, Microsoft said that attackers most likely used a Chrome zero-day for their attacks. In a statement published today, a South Korean security firm said they discovered an Internet Explorer zero-day used for these attacks.

No details on attacks exploiting the zero-day

Google did not say today if the CVE-2021-21148 zero-day was used in these attacks, although many security researchers believe it was so due to the two events’ proximity.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google adds.”We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

Before today’s patches, Google went through a spell last year where it patched five actively-exploited Chrome zero-days in three weeks.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This