Google has disclosed a vulnerability in its browser that is being actively exploited in the wild.
Chromium CVE-2021-21148: Heap Buffer Overflow
Google released a new Chrome update and advised users to update immediately, as the vulnerability is being actively exploited in the wild.
“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the company said in a statement.
The bug was reported by Mattias Buelens on 2021-01-24.
After Buelens reported the flaw, Google’s security team published a report about attacks carried out by North Korean hackers.
Google and Microsoft disclosed the attacks, an elaborate social engineering campaign against security researchers that aimed to install a Windows backdoor.
The attack used malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.
Separately, earlier this month Google fixed six flaws, including one critical flaw and other high-severity flaws.
Regardless of the exact details of the vulnerability, Google recommended that its users ensure they’re running the latest version of Chrome.
Though the update is automatic, check that you are on version 88.0.4324.150 via Chrome menu > Help > About Google Chrome.