Security News > 2021 > February > Google fixes Chrome zero-day actively exploited in the wild
Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users.
"Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the Google Chrome 88.0.4324.150 announcement reads.
Windows, Mac, and Linux desktop users can upgrade to Chrome 88 by going to Settings -> Help -> About Google Chrome.
The Google Chrome web browser will then automatically check for the new update and install it when available.
Even though Google says that it "Is aware of reports that an exploit for CVE-2020-16009 exists in the wild," the company did not provide any details regarding the threat actors behind these attacks.
Last year, Google fixed five Chrome zero-days actively exploited in the wild, all within a single month, between October 20 and November 12.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- Google Chrome will let you send money to your favourite website (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-09 | CVE-2021-21148 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-11-03 | CVE-2020-16009 | Type Confusion vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |