Google has released an important update to its Chrome browser. Chrome version 88.0.4324.150 includes a fix for a zero-day vulnerability in the web browser. Google says the exploit likely has not been exploited in the wild.
Google says the fix is for a heap buffer overflow memory corruption bug known as CVE-2021-21148. It has not provided specific details about the bug and says it will not do so “until a majority of users are updated with a fix.”
ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google’s Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.
Microsoft said that attackers most likely used a Chrome zero-day for their attacks. In a report published today, South Korean security firm said they discovered an Internet Explorer zero-day used for these attacks as well.
All Chrome users are being advised to click the “About Google Chrome” option in the Chrome menu bar to upgrade their browser to the latest version as soon as possible.