5 February 2021

Google fixes Chrome zero day bug exploited in the wild


Google has released Chrome 88.0.4324.150 for Windows, Mac and Linux, which contains a fix for a security vulnerability that is being actively exploited in the wild.

Tracked as CVE-2021-21148, the flaw is described as a heap-based overflow issue in the V8 JavaScript engine in Google Chrome. A remote hacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Google did not disclose the details about the nature of the attacks where this vulnerability was used, who might have been behind them, or what victims were targeted.

Windows, Mac, and Linux desktop users can upgrade to Chrome 88 by going to Settings -> Help -> About Google Chrome.

In October and November last year, Google patched a bunch of zero days affecting its Chrome browser, including CVE-2020-15999 (a memory corruption bug in the FreeType font rendering library), CVE-2020-16009 (a heap buffer overflow in FreeType), CVE-2020-16010 (a flaw in the user interface component in Chrome for Android), CVE-2020-16013 (a bug in V8), and CVE-2020-16017 (a use-after-free issue within the site isolation component in Google Chrome).
