Google fixes Chrome zero-day flaw actively exploited in the wild


Google Chrome 88.0.4324.150 released with a fix.

Google released Chrome 88.0.4324.150 version that addressed an actively exploited zero-day security vulnerability.

The vulnerability is a Heap buffer overflow dubbed as CVE-2021-21148 that resides in the V8, an open-source high-performance JavaScript and WebAssembly engine, written in C++.

The flaw which has been given the high severity rate was reported by Mattias Buelens on January 24th, 2021. The 88.0.4324.150 version of the Stable channel will be available for Windows, Mac and Linux in the upcoming days.

Google stated that it was aware of reports that an exploit for CVE-2021-21148 exists in the wild. The tech giant thanked all the security researchers that worked with them during the development cycle to prevent security bugs from ever reaching the stable channel.

The company also stated that access to bug details and links may be kept restricted until most of the users are updated with a fix. They will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.

However, Google did not share details about the attacks and the attackers.

In 2020, Google addresses five Chrome zero-days that were actively exploited in the wild between the months October and November.


Please enter your comment!
Please enter your name here