A zero-day vulnerability has been patched by Google, found in desktop chrome web browser, for which the organization said that it was being exploited in the wild. The organization, Google, in a blog post, said, “Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild.”
The organization then released an update with a patch for the vulnerability, the update is of chrome browser for Windows, Mac, and Linux. The updated version is 88.0.4324.150. To know how to update your chrome browser on the desktop, visit here.
Recently, Google fixed six vulnerabilities of Chrome which included four high severity vulnerabilities present in navigation features, tab groups, fonts, and extensions. Even in the previous year, Google had fixed five zero-day vulnerabilities that were being exploited in the wild between October and November 2020.
Limiting details about the vulnerability until and unless most of its users get updated with the patch to vulnerability, is a classic habit of Google, to prevent further exploits.
The vulnerability came to light after Google unveiled the social engineered attacks being carried out by a group of North Korean hackers on cybersecurity researchers to install a backdoor on the targeted user’s Windows Operating system.
Google, on attacks happening on cybersecurity researchers, said, “Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers. The actors have been observed targeting specific security researchers by a novel social engineering method. After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project. Within the Visual Studio Project would be source code for exploiting the vulnerability.”
Simultaneously, ENKI, a South-Korean cybersecurity firm, explained that Lazarus, a North Korean nation-backed hacking group has failed to target their cybersecurity researchers in an attacking campaign utilizing MHTML files.
The organization hasn’t made clear whether the payment vulnerability, which Google fixed recently, was utilized in this vulnerability exploit or not, as the patch was released just one day later after being informed. Further details regarding this chrome vulnerability will be shared soon after the majority of users update their browsers.