February 8, 2023

Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. .

The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

Google said the bug was exploited in attacks in the wild before a security researcher reported. Two days after, Google’s security team published a report about attacks carried out by North Korean hackers against the cyber-security community.

Some of these attacks consisted of luring security researchers to a blog where the attackers exploited browser zero-days to run malware on researchers’ systems.

Google did not say today if the CVE-2021-21148 zero-day was used in these attacks, although many security researchers believe it was so due to the proximity of the two events.

But despite how this zero-day was exploited, regular users are advised to use Chrome’s built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found via the Chrome menu, Help option, and About Google Chrome section.

Leave a Reply

%d bloggers like this: