Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

New Chrome Browser Zero-Day - "heap overflow memory corruption"

 

Systems Affected


  ✻  Google Chrome Browser
  ✻  Chromium-based Browsers

Threat Level


High


Overview


The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a "heap overflow" memory corruption bug in the V8 JavaScript engine.


Description


Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released on February 4th, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.


Impact


  ✻  Remote code execution
  ✻  Malware installation
  ✻  Information disclosure


Solution/ Workarounds


The Google Chrome web browser will then automatically check for the new update and install it when available. However, Regular users are advised to use Chrome's built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found via the Chrome menu, Help option, and About Google Chrome section.


References


  ✻  https://www.zdnet.com/article/google-patches-an-actively-exploited-chrome-zero-day
  ✻  https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.