NIST's guidance for a Zero Trust Architecture

Recent AD News

Time to update: Google just fixed an actively exploited zero-day vulnerability in the Chrome browser

Google recently patched a potentially disastrous zero-day vulnerability in the desktop app of the Chrome web browser. The company also acknowledged that the exploit is being actively exploited in the wild.

In the recent release update from the Chrome team, it patched the issue with an update for the Windows, Mac, and Linux app to fix the heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

The fix comes weeks after Google and Microsoft revealed details about a widespread social engineering attack carried out by North Korean hackers. In a report that Microsoft published shortly after the attack, it hinted that the hackers might have leveraged a potential zero-day vulnerability to carry out the attack. On January 24, Mattias Buelens reported the security flaw to Google.

Google’s statement however, doesn’t clarify if the attackers indeed leveraged the vulnerability. The attackers are said to belong to a North Korean state-sponsored hacking group known as Lazarus and were unsuccessful in their attempts to plant a Windows backdoor. Bug fixers at Google had a busy year last 2020, fixing five zero-day vulnerabilities in Chrome. The case was similar this year around, with Google addressing six issues already within the first couple of months.

Related posts
Recent AD News

Attackers use stolen credentials to intrude into the UN network

Recent AD News

CISA and FBI expect ransomware attacks to soar over the Labor Day weekend, issue advisory

Recent AD News

Another zero-day vulnerability confirmed by Microsoft

Recent AD News

Automate access decisions with risk-based contextual authentication

Leave a Reply

Your email address will not be published. Required fields are marked *