NIST's guidance for a Zero Trust Architecture

Recent AD News

Google patches the third browser-based zero-day vulnerability of 2021

Early this month, Google published a stable channel update for Chrome for Desktop. The new version (88.0.4324.150) released by Google for Windows, Mac, and Linux contains a critical bugfix for a zero-day vulnerability that was exploited in the wild.

This zero-day, labeled CVE-2021-21148, is a “heap overflow” memory corruption bug in the V8— Google Chrome’s open-source JavaScript and WebAssembly engine. This vulnerability was uncovered by Mattias Buelens. In the release, Google has also stated that it is “aware of reports that an exploit” for this vulnerability “exists in the wild”

A few days after the vulnerability was brought to light, Google reported about cyberattacks carried out by North Korean hackers against the cyber-sec community. Attackers lured IT pros to a blog and exploited browser zero-days to run malware on the IT pros’ systems.

It is important to note that CVE-2021-21148 is the third zero-day vulnerability of 2021. Before this browser-based zero-day vulnerability, Apple released iOS and iPadOS 14.4 to address two WebKit zero-day vulnerabilities (CVE-2021-1870, CVE-2021-1871) exploited in a similarly. Regular users are advised to either update their Google Chrome version or enable Chrome’s built-in update feature that automatically updates users’ Google Chrome version to the latest version available. You can enable this feature by going to the About Google Chrome section, from the Help option via the Chrome menu.

Related posts
Recent AD News

Attackers use stolen credentials to intrude into the UN network

Recent AD News

CISA and FBI expect ransomware attacks to soar over the Labor Day weekend, issue advisory

Recent AD News

Another zero-day vulnerability confirmed by Microsoft

Recent AD News

Automate access decisions with risk-based contextual authentication

Leave a Reply

Your email address will not be published. Required fields are marked *