Threat Watch

Chrome Zero-Day Exploited in the Wild

Google is releasing a patch for a high severity zero-day vulnerability in Chrome that is being exploited in the wild by attackers. The vulnerability, tracked as CVE-2021-21148, is a heap buffer overflow bug in V8, which is Google’s open source WebAssembly and JavaScript engine. The bug was fixed in the new version of Chrome that was released on February 4th, to the stable desktop channel for Windows, Mac, and Linux users. This version of Chrome, 88.4323.150, is being rolled out to the entire userbase within the next few days. Google did not release any details about the attacks being seen exploiting this vulnerability.

ANALYST NOTES

Google is aware of the vulnerability and has addressed the issue within the update. Anyone using Google Chrome should ensure they keep their version up to date and check for new updates often if auto-update is disabled. Google also stated, “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” Whenever a company releases and update for their product, IT administrators or end users should install those updates as soon as possible to prevent attackers from being able to exploit vulnerabilities.

More can be read here: https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch
Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support