Security News > 2021 > February > Google Chrome, Microsoft IE Zero-Days in Crosshairs
Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks.
The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.
The patch release comes amidst reports that a Google Chrome zero-day exploit was being used in the North Korean government-backed attacks against numerous researchers and personalities scattered across the offensive and defensive security space.
Beyond a blog post with the initial warning from its TAG, Google has been quiet on the possible use of a Chrome zero-day was used in the North Korean social-engineering campaign and whether this latest patch provides cover for that vulnerability.
Adding fuel to the fire, South Korean security vendor ENKI has published a claim that a Microsoft Internet Explorer browser zero-day may also be linked to the North Korean campaign.
Microsoft has itself documented its own findings on the North Korean hacks against white-hat researchers, threat intel professionals and offensive security professionals but Microsoft does not mention the use of an Internet Explorer zero-day.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- New Chrome Zero-Day (source)