Google Chrome 88 Patches This Active Zero-Day Security Exploit, Update Immediately


Google Chrome Logo
Google has begun pushing out an update to its Chrome browser to patch a zero-day vulnerability that is potentially being exploited by hackers in North Korea. If you use Chrome—and many people do, as it wields the largest market share of all browsers—you should apply the update at your earliest convenience (and right now, if possible).

The update shifts Chrome to version 88.0.4324.150 and is available for builds on Windows, Mac, and Linux. At the moment, Google is restricting access to finer grain details about the zero-day vulnerability “until a majority of users are updated with a fix.” However, it has been assigned CVE-2021-21148 with a High security rating.

According to what few details are available, this security flaw can result in a “heap buffer overflow in V8,” which is Google’s open-source JavaScript and WebAssembly engine. While Google did not get into specifics, it did acknowledge there are reports of attackers exploiting this zero-day vulnerability in the wild.
The timing of this update follows a recent report from Google’s Threat Analysis Group, in which the division said it discovered an active and ongoing campaign targeting security researchers within various companies and organizations, presumably around the world. It’s part of a sneaky social engineering hack.
“The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers… The actors have been observed targeting specific security researchers by a novel social engineering method. After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project,” the report states.

Inside the Visual Studio Project would be actual source code for exploiting the vulnerability, along with an add DLL containing custom malware. This malware would get straight to work phoning C2 domains controlled by the bad actors.

According to the report, the hackers have also been successful in spreading the custom malware by getting security researchers to visit a compromised blog post.

“In…

Source…