NIST's guidance for a Zero Trust Architecture

Recent AD News

Google patches the third browser-based zero-day vulnerability of 2021

Early this month, Google published a stable channel update for Chrome for Desktop. The new version (88.0.4324.150) released by Google for Windows, Mac, and Linux contains a critical bugfix for a zero-day vulnerability that was exploited in the wild.

This zero-day, labeled CVE-2021-21148, is a “heap overflow” memory corruption bug in the V8— Google Chrome’s open-source JavaScript and WebAssembly engine. This vulnerability was uncovered by Mattias Buelens. In the release, Google has also stated that it is “aware of reports that an exploit” for this vulnerability “exists in the wild”

A few days after the vulnerability was brought to light, Google reported about cyberattacks carried out by North Korean hackers against the cyber-sec community. Attackers lured IT pros to a blog and exploited browser zero-days to run malware on the IT pros’ systems.

It is important to note that CVE-2021-21148 is the third zero-day vulnerability of 2021. Before this browser-based zero-day vulnerability, Apple released iOS and iPadOS 14.4 to address two WebKit zero-day vulnerabilities (CVE-2021-1870, CVE-2021-1871) exploited in a similarly. Regular users are advised to either update their Google Chrome version or enable Chrome’s built-in update feature that automatically updates users’ Google Chrome version to the latest version available. You can enable this feature by going to the About Google Chrome section, from the Help option via the Chrome menu.

Related posts
Recent AD News

Automate access decisions with risk-based contextual authentication

Recent AD News

2020 recorded the highest number of CVE’s to ever be reported

Recent AD News

Microsoft announces Azure Best Practices and Launches Conditional Access Enhancements

Recent AD News

Accellion Zero-Days Responsible for Recent Data Theft and Extortion Attacks

Leave a Reply

Your email address will not be published. Required fields are marked *