Version 88.0.4324.150 of the Chrome browser was released today. The new version, available for Windows, Mac and Linux, contains a fix for a zero-day vulnerability, which was assigned the identifier CVE-2021-21148. Google described it as a “heap overflow” memory corruption bug that was exploited in attacks before Mattias Buelens found and reported the issue on the 24th of January.
Google’s security team published a report two days after Buelens’s report, detailing attacks carried out by North Korean hackers. Microsoft claims that the attackers used a Chrome zero-day for their attacks. A South Korean security firm reported that they also discovered an Internet Explorer zero-day that had been used for similar attacks, although it is unclear whether the same CVE was used.