Google has released the latest update for its Chrome Browser version 88.0.4324.150 which fixes a security issue that is being actively exploited in the wild.
The update is being rolled out for Windows, Mac and Linux over the coming days/weeks, Google said.
The tech giant has fixed a security bug with a high severity rating as part of the update. It did not provide much details about the vulnerability dubbed CVE-2021-21148.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” it said.
The vulnerability described only as a “Heap buffer overflow in V8,” was reported by a researcher named Mattias Buelens on January 24.
As ZDNet notes, a few days after Buelens’ report, Google’s Threat Analysis Group posted an article about an active campaign against security researchers by North Korean hackers.
“Over the past several months, the has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organisations,” TAG’s Adam Weidemann said in a blog post.
“The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers,” Weidemann said.
TAG researchers are yet to confirm the mechanism of compromise as at the time and the vulnerability that was being exploited as the researchers targeted had been using fully patched and up-to-date Windows 10 and Chrome browser versions.
Anyone with information on Chrome vulnerabilities, including those being exploited in the wild (ITW) is eligible for reward payout under Chrome’s Vulnerability Reward Program, the group had said.
Regardless of the exact vulnerability being patched, users are advised to update to the latest version of the browser to ensure security.
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944