Google Chrome fixes CVE-2021-21148, a security vulnerability that exists in the wild
Earlier we mentioned that hacker groups pretended to be security researchers on Twitter to attract other security researchers and tried to launch cyber attacks against them.
The hackers' purpose was to impersonate researchers, gain the trust of real researchers, and then deliver malware to them to steal their secrets.
In the follow-up investigation, Google discovered that the hacker group was also using a zero-day vulnerability in Google's browser.
Google Chrome today released a security update to fix a heap buffer overflow vulnerability in the core engine, but this vulnerability does not seem to be a zero-day vulnerability exploited by hackers.
The Google browser vulnerability exploited by hackers is described as a heap buffer overflow error in the V8 engine. With this error, the attacker can execute arbitrary code.
This vulnerability, numbered CVE-2021-21148, has been marked by Google for repair, but there is a security vulnerability that is still under evaluation.
Since the vulnerability has not been fixed, Google is reluctant to disclose the details, and we do not know whether this zero-day vulnerability and the security vulnerability in the engine are related.
Google Chrome has now released a repaired version. Users on all platforms can manually check for updates to obtain a new version, and Google will automatically push the new version.
At the same time, all details and exploit information about the vulnerability will be kept confidential until the vulnerability is completely repaired. Google recommends that users install Google Chrome updates at any time.