New Chrome Browser Zero-Day - "heap overflow memory corruption"

  • CERT Admin
  • Fri Feb 05 2021
  • Alerts

Systems Affected

  ✻ Google Chrome Browser
  ✻ Chromium-based Browsers


Threat Level

High


Overview 

The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a "heap overflow" memory corruption bug in the V8 JavaScript engine.


Description 

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released on February 4th, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.


Impact

  ✻ Remote code execution
  ✻ Malware installation
  ✻ Information disclosure
 

Solution/ Workarounds

The Google Chrome web browser will then automatically check for the new update and install it when available. However, Regular users are advised to use Chrome's built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found via the Chrome menu, Help option, and About Google Chrome section.


References

  ✻ https://www.zdnet.com/article/google-patches-an-actively-exploited-chrome-zero-day
  ✻ https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/
 

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.



Last updated: Fri Feb 05 2021

Audience

Tags