
Chrome Zero-Day Exploited in the Wild

Google is releasing a patch for a high-severity zero-day vulnerability in Chrome that is being exploited in the wild by attackers. The vulnerability, tracked as CVE-2021-21148, is a heap buffer overflow bug in V8, Google’s open-source WebAssembly and JavaScript engine. The bug was fixed in the new version of Chrome that was released on February 4th to the stable desktop channel for Windows, Mac, and Linux users. This version of Chrome, 88.4323.150, is being rolled out to the entire userbase within the next few days. Google did not release any details about the attacks exploiting this vulnerability.

Analyst Notes

Google is aware of the vulnerability and has addressed the issue within the update. Anyone using Google Chrome should keep their version up to date, and should check for new updates often if auto-update is disabled. Google also stated, “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” Whenever a company releases an update for its product, IT administrators or end users should install that update as soon as possible to prevent attackers from being able to exploit vulnerabilities.

More can be read here: