Windows 10 News and info | Forum
Topic: New Chrome Browser 0-day Under Active Attack—Update Immediately!
javajolt
« on: February 05, 2021, 10:53:34 PM »

Google has patched a zero-day vulnerability in the Chrome web browser for desktop that it says is being actively exploited in the wild.

The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

"Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in a statement.

The security flaw was reported to Google by Mattias Buelens on January 24.

Previously, on February 2, Google addressed six issues in Chrome, including one critical use-after-free vulnerability in Payments (CVE-2021-21142) and four high-severity issues in Extensions, Tab Groups, Fonts, and Navigation features.

While it's typical of Google to limit details of the vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft disclosed attacks carried out by North Korean hackers against security researchers with an elaborate social engineering campaign to install a Windows backdoor.

With some researchers infected simply by visiting a fake research blog on fully patched systems running Windows 10 and the Chrome browser, Microsoft, in a report published on January 28, had hinted that the attackers likely leveraged a Chrome zero-day to compromise the systems.

Although it's not immediately clear if CVE-2021-21148 was used in these attacks, the timing of the revelations and the fact that Google's advisory came out exactly one day after Buelens reported the issue imply they could be related.

In a separate technical write-up, South Korean cybersecurity firm ENKI said the North Korean state-sponsored hacking group known as Lazarus made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.

"The secondary payload contains the attack code that attacks the vulnerability of the Internet Explorer browser," ENKI researchers said.

It's worth noting that Google last year fixed five Chrome zero-days that were actively exploited in the wild in a span of one month between October 20 and November 12.

source