Actively Exploited Google Chrome zero-day vulnerability patched in the new update

by · Published · Updated

Google has launched an update to their highly used Browser, Google Chrome.

The Released Version 88.4.4324.150 of google chrome on Thursday fixes the highly exploited vulnerability of the browser. 

Google said that the particular venerability was actively being exploited. Update on the browser is launched in

  • Windows operating system
  • Mac Operating system
  • Linux operating system.

The zero-day. As the assigned identifier of CVE-2021-21148 is currently a corruption bug in the JavaScript V8 engine.

The tech giant said that this particular Bug was exploited in attacks in the wild before, and they got to know about this exploitation when a researcher named Mattias Buelens caught the process and reported this issue to its engineers on January 24th, 2021.

Keeping you updated with latest technology trends
Follow DataFlair on Google News

What Did Google Say on this issue?

As of now the tech giant hasn’t shared the exact details of the vulnerability and has pushed an update for the chrome users on all operating systems to install.

The details of the bug and the links will be kept restricted until most of the users of google chrome have not updated their software, which has the solution to the issue. 

Google said that they will be restraining the bugs in the third-party libraries that the other projects depend on, but yet haven’t fixed the issue.

Also, while Google did not share the details of the vulnerability they pushed an update to fix, the android police quoting a report by ZDNet said that this vulnerability may be linked to their researchers falling victim and that allowed malware on their systems, so that way they got to know this issue.

Note: – If the vulnerability of the browser is exploited, it could enable arbitrary code execution on a target system.

The bug is being described as of now, a HEAP BUFFER OVERFLOW, that exists in the V8 component of Google Chrome.

After the Buelens’ report, Google’s security team published a report against the cybersecurity community on attacks carried out by North Korean hackers just 2 days after the Buelens report.

What was Microsoft’s take on this?

In a report on January 28, Microsoft said that the attackers most likely used a Chrome zero-day for their attacks and exploitation. 

In another report published on the 5th of February 2021, a South Korean security firm stated that they have discovered an internet explorer zero-day vulnerability that must be used for these attacks as well.

Cybersmart CEO’s take on this:

Jamie Akhtar, Cybersmart CEO and co-founder said that the vulnerability and the scope and severity, normal users would not be the prime target.

But still, Google has not said anything about the issue. But many researchers believe it was due to the proximity of the CVE-2021-21148 zero-day events.

Despite how the vulnerability was exploited, the regular users of chrome are advised to update their chrome to the latest version, 88.0.4324.150

How to update Google Chrome?

You can update your google chrome by 

  • Clicking the dots on the top right of your browser
  • A drop-down menu will appear.
  • Scroll to the second last option of the Drop-Down Menu
  • You will see a help button
  • Click on the Help button and then to About Google Chrome
  • A new tab will open

Here you will see an update button if your browser is not up-to-date. If your browser is updated to the latest version then relax, you are protected.

Tags:

Prachi Patodi

Prachi is an entrepreneur and a passionate writer who loves writing about raging technologies and career conundrums.

Leave a Reply