Google patches an actively exploited Chrome zero-day


Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bugfix for a zero-day vulnerability that was exploited in the wild.

The zero-day, which was assigned the identifier of CVE-2021-21148, was described as a “heap overflow” memory corruption bug in the V8 JavaScript engine.

Google said the bug was exploited in attacks in the wild before a security researcher named Mattias Buelens reported the issue to its engineers on January 24.

Read more…
Source: ZDNet

Related story: Google paid $6.7 million to bug bounty hunters in 2020