chrome patch

Google just released a zero-day vulnerability patch for its Chrome browser. The company says the vulnerability in its browser is actively being exploited in the wild.

The latest update fixes heap buffer overflow flaw (CVE-2021-21148) which was present in V8 JavaScript rendering engine. The released version with the patch is 88.0.4324.150 and read the change log here.

Mattias Buelens, a software architect and a security expert submitted the flaw to the google on January 24.

Google has yet to release the full details of the vulnerability, yet users are highly advised to update the browser right away. Recently, Google and Microsoft together disclosed attacks against security researchers being carried out by North Korean hackers. The attack involved social engineering campaigns installing backdoor to the infected system. Some researchers got infected just by visiting a blog which supposedly contained researches. The infected systems were Windows 10 devices and the used browser was Chrome.

It is yet to confirm if the same vulnerability was used to conduct those attacks, the timing of the update hints it may be related.