Zero-day in the Chrome browser: import the update now

The latest update for the Chrome browser is intended to protect against a security hole that is already actively exploited by attackers. The JavaScript engine V8 is prone to heap overflows. This allows attackers to execute arbitrary code on the device and, according to Google, they have already done so. Therefore, users for Windows, Linux and MacOS should quickly import the update.

The new Chrome version 88.0.4324.150 from Thursday differs from version 88.0.4324.146 published on Tuesday only in that it has a closed security hole. This is called CVE-2021-21148 and is rated “high” by Google.

Mattias Buelens, Belgian developer of an HTML5 video player, reported the problem last Sunday. Shortly afterwards, Google’s Threat Analysis Group (TAG) warned of attacks by hackers assigned to North Korea. According to the Google warning, the state spies disguise themselves as security researchers.


To home page