NIST's guidance for a Zero Trust Architecture

Recent AD News

Time to update: Google just fixed an actively exploited zero-day vulnerability in the Chrome browser

Google recently patched a potentially disastrous zero-day vulnerability in the desktop app of the Chrome web browser. The company also acknowledged that the exploit is being actively exploited in the wild.

In the recent release update from the Chrome team, it patched the issue with an update for the Windows, Mac, and Linux app to fix the heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

The fix comes weeks after Google and Microsoft revealed details about a widespread social engineering attack carried out by North Korean hackers. In a report that Microsoft published shortly after the attack, it hinted that the hackers might have leveraged a potential zero-day vulnerability to carry out the attack. On January 24, Mattias Buelens reported the security flaw to Google.

Google’s statement however, doesn’t clarify if the attackers indeed leveraged the vulnerability. The attackers are said to belong to a North Korean state-sponsored hacking group known as Lazarus and were unsuccessful in their attempts to plant a Windows backdoor. Bug fixers at Google had a busy year last 2020, fixing five zero-day vulnerabilities in Chrome. The case was similar this year around, with Google addressing six issues already within the first couple of months.

Related posts
Recent AD News

2020 recorded the highest number of CVE’s to ever be reported

Recent AD News

Microsoft announces Azure Best Practices and Launches Conditional Access Enhancements

Recent AD News

Accellion Zero-Days Responsible for Recent Data Theft and Extortion Attacks

Recent AD News

SolarWinds Puts the Blame on their Intern for the Supply Chain Attack

Leave a Reply

Your email address will not be published. Required fields are marked *