As of 2020, the Google Chrome browser had over a billion users and that is why any vulnerability if exploited in the browser can be devastating for unsuspecting users but at the same time, it can be lucrative for cyber criminals.
Google Patches Heap Buffer Overflow Flaw
Google’s Project Zero bug-hunters have patched a zero-day vulnerability in Chrome browser for desktop. It was a heap buffer overflow flaw classified as CVE-2021-21148.
The vulnerability was identified in Chrome’s JavaScript V8 and WebAssembly. It could allow an attacker to execute any code on the system, which is why Google has urged Chrome users to update the browser immediately. It released a fix 88.0.4324.150 for Windows, Mac, and Linux’s V8 JavaScript rendering engine.
See: Malicious Chrome, Edge extensions manipulating Google search results
Usually, Google discloses vulnerabilities after most of the users have updated their systems with a fix. However, in this case, Google revealed that it is aware of reports that “an exploit for CVE-2021-21148 exists in the wild.” The use of the phrase exists in the wild is crucial here as this means cybercrooks discovered the flaw before Google could.
Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed, the company said in a update chrome browser google patches critical flaws
