Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser.

In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are apparently already abusing:


   Stable Channel Update for Desktop

   Thursday, February 4, 2021

   CVE-2021-21148: Heap buffer overflow in V8. 
                   Reported by Mattias Buelens on 2021-01-24

                   Google is aware of reports that an exploit 
                   for CVE-2021-21148 exists in the wild.

The phrase “exploit exists in the wild” is shorthand for “the crooks found this vulnerability before we did and are already using it in real-life attacks”.

This situation is also known as a zero day, or 0-day as you may see it written, because there were zero days in the past on which even the most diligent user could have patched ahead of the crooks.

Simply put, the word exploit refers to any trick that allows an attacker actively to abuse a software vulnerability and thereby to pull off some sort of unauthorised activity.