The update shifts Chrome to version 88.0.4324.150 and is available for builds on Windows, Mac, and Linux. At the moment, Google is restricting access to finer grain details about the zero-day vulnerability “until a majority of users are updated with a fix.” However, it has been assigned CVE-2021-21148 with a High security rating.
Inside the Visual Studio Project would be actual source code for exploiting the vulnerability, along with an add DLL containing custom malware. This malware would get straight to work phoning C2 domains controlled by the bad actors.
According to the report, the hackers have also been successful in spreading the custom malware by getting security researchers to visit a compromised blog post.