Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.
Google hasn’t provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won’t do so “until a majority of users are updated with a fix.”
However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google’s Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.
Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers’ systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.
The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar’s About Google Chrome option to upgrade their browser to the latest version as soon as possible.
Google Chrome for Mac is a free download available directly from Google’s servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store.
This article, “Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability” first appeared on MacRumors.com