Google patches an actively exploited Chrome zero-day

Google Chrome 88.0.4324.150 released with a fix. Users advised to update.

Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bugfix for a zero-day vulnerability that was exploited in the wild.

The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

Google said the bug was exploited in attacks in the wild before a security researcher named Mattias Buelens reported the issue to its engineers on January 24.

Two days after Buelens’ report, Google’s security team published a report about attacks carried out by North Korean hackers against the cyber-security community.

Read More Here