New Chrome Browser Zero-Day – “heap overflow memory corruption”

Languages: English. Risk Level: High.

Systems Affected

  ✻ Google Chrome Browser
  ✻ Chromium-based Browsers

Overview

The zero-day, which was assigned the identifier CVE-2021-21148, is described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

Description

Google has addressed an actively exploited zero-day security vulnerability in Chrome version 88.0.4324.150, released on February 4th, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.

Impact

  ✻ Remote code execution
  ✻ Malware installation
  ✻ Information disclosure

Solution/Workarounds

Regular users are advised to use Chrome’s built-in update feature to upgrade their browser to the latest version as soon as possible. This can be found via the Chrome menu, under the Help option, in the About Google Chrome section. The Google Chrome web browser will then automatically check for the new update and install it when available.
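For administrators who need to confirm the update across many machines, the following added example (not part of the original advisory) classifies collected version strings against the fixed build 88.0.4324.150. It assumes each line has the form "<product name> <a.b.c.d>", such as the browser's `--version` output on Linux; the function names, hostnames and sample lines are constructed for illustration.

```python
import re

# Fixed Stable desktop build named in this advisory.
FIXED = (88, 0, 4324, 150)

# Product names whose build numbers follow Chrome's own numbering.
# Other Chromium-based browsers use their own version schemes, and the
# advisory gives no fixed build for them, so they are reported as "unknown".
CHROME_NAMES = ("google chrome", "chromium")

VERSION_RE = re.compile(r"^(?P<name>.*?)\s*(?P<ver>\d+\.\d+\.\d+\.\d+)\b")


def classify(version_line):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = VERSION_RE.match(version_line.strip())
    if not m:
        return "unknown"  # unparseable output, e.g. an error message
    name = m.group("name").strip().lower()
    if not name.startswith(CHROME_NAMES):
        return "unknown"  # different numbering scheme, cannot compare
    build = tuple(int(p) for p in m.group("ver").split("."))
    # Tuple comparison orders builds numerically, component by component.
    return "patched" if build >= FIXED else "vulnerable"


def audit(inventory):
    """Map each host to its classification, given {host: version_line}."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (hostnames and lines are made up).
SAMPLE = {
    "ws-01": "Google Chrome 88.0.4324.150",
    "ws-02": "Google Chrome 88.0.4324.146",
    "ws-03": "Chromium 89.0.4389.72 snap",
    "ws-04": "Google Chrome 87.0.4280.141 beta",
    "ws-05": "Microsoft Edge 88.0.705.63",
    "ws-06": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check against that vendor's own fixed version rather than being treated as patched.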

References

  ✻ https://www.zdnet.com/article/google-patches-an-actively-exploited-chrome-zero-day
  ✻ https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.