Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. .
The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.
Google said the bug was exploited in attacks in the wild before a security researcher reported. Two days after, Google’s security team published a report about attacks carried out by North Korean hackers against the cyber-security community.
Some of these attacks consisted of luring security researchers to a blog where the attackers exploited browser zero-days to run malware on researchers’ systems.
Google did not say today if the CVE-2021-21148 zero-day was used in these attacks, although many security researchers believe it was so due to the proximity of the two events.
But despite how this zero-day was exploited, regular users are advised to use Chrome’s built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found via the Chrome menu, Help option, and About Google Chrome section.
