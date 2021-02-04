



Google today released version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bug fix for a zero-day vulnerability that was actually exploited.

A zero-day assigned the CVE-2021-21148 identifier was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

Google said the bug was exploited in a real attack on January 24, before a security researcher named Mattias Buelens reported the problem to engineers.

Two days after Buelens’ report, Google’s security team published a report on an attack by a North Korean hacker against the cybersecurity community.

Some of these attacks consisted of inviting security researchers to blogs, where attackers used browser zero-day attacks to execute malware on their systems.

In a January 28 report, Microsoft said it was likely that the attackers used Chrome’s zero-day attacks to attack. In a report released today, South Korean security companies said they discovered Internet Explorer, which is also used in zero-day attacks for these attacks.

Google didn’t say today whether CVE-2021-21148 zero-days were used in these attacks, but many security researchers believe it’s because the two events are in close proximity.

However, regardless of how this zero-day attack was exploited, regular users are advised to use Chrome’s built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found in the Chrome menu, help options, and Google Chrome section.

Prior to today’s patch, Google experienced a spell last year that applied a zero-day patch to five actively used Chrome over a three-week span.

