Security News > 2021 > February > Google Chrome, Microsoft IE Zero-Days in Crosshairs

Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks.

The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.

The patch release comes amidst reports that a Google Chrome zero-day exploit was being used in the North Korean government-backed attacks against numerous researchers and personalities scattered across the offensive and defensive security space.

Beyond a blog post with the initial warning from its TAG, Google has been quiet on the possible use of a Chrome zero-day was used in the North Korean social-engineering campaign and whether this latest patch provides cover for that vulnerability.

Adding fuel to the fire, South Korean security vendor ENKI has published a claim that a Microsoft Internet Explorer browser zero-day may also be linked to the North Korean campaign.

Microsoft has itself documented its own findings on the North Korean hacks against white-hat researchers, threat intel professionals and offensive security professionals but Microsoft does not mention the use of an Internet Explorer zero-day.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/1KXEqDvJESg/google-chrome-microsoft-ie-zero-days-crosshairs