Version 88.0.4324.150 of the Chrome browser was released today. The new version, compatible with Windows, Mac and Linux contains a bugfix for a zero-day vulnerability. The vulnerability was assigned the identifier CVE-2021-21148. Google described it as a “heap overflow” memory corruption bug, which was exploited in attacks before Mattias Buelens found and reported the issue on the 24th of January.
Google’s security team published a report two days after Buelen’s report, detailing attacks carried out by North Korean hackers. Microsoft claims that the attackers allegedly used a Chrome zero-day for their attacks. A South Korean Security firm reported that they also discovered an Internet Explorer zero-day that had been used for similar attacks, although it is unclear whether the same CVE was used.
Niamh Muldoon, global data protection officer at OneLogin says: “This zero-day vulnerability again emphasises the importance of having an enterprise-wide comprehensive security program incorporating people, processes and technical controls. CISOs should be speaking to their leadership teams about the security posture of their technology environment that delivers their key products and services and provide assurance that associated exploitation risks associated with these identified vulnerabilities are patched.”
0 0 vote
Article Rating
Support the originator by clicking the read the rest link below.
