
Google Warns of Chrome Zero-Day on Windows, Mac, and Linux

Google says there is a flaw in Google Chrome caused by a heap-buffer overflow in the V8 open-source web engine.


Google says new updates of its Chrome browser have a zero-day vulnerability that threat actors are actively exploiting. Specifically, the flaw is found in current versions of Chrome. This release covers Windows, Mac, and Linux versions of Chrome, meaning all are at risk.

According to the company, there is a flaw in the V8 open-source web engine that runs Chrome. A patch has already been included in version 88.0.4234.150, which is rolling out over the coming days and weeks.

Google points out a heap-buffer overflow issue is causing the vulnerability, which is known as CVE-2021-21148.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” Google's Thursday security update reads. As usual, Google will keep most details under wraps until the patch has reached enough users.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” said Google. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed.”

What's the Problem?

A heap-buffer overflow is a type of buffer overflow that affects the heap, the section of a process's memory that hosts dynamic variables. Specifically, a buffer in the heap is given more data than it can hold, and the excess overflows into neighbouring memory. When this happens, it can cause the program to misbehave, leading to memory access errors and program freezing.

It also creates vulnerabilities that bad actors can exploit with remote code execution attacks. That's the general explanation, but we need to wait for Google to offer more details to understand the specifics of this flaw.
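The general bug class described above, as an added C example that is not from Google's advisory or the V8 code base (whose details remain restricted): an unchecked copy into a heap buffer overwrites the data stored next to it, while a length check leaves that data intact. The `session` layout, the function names and the 0x41 filler input are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout: a 16-byte buffer and a neighbouring field in one heap
 * allocation, standing in for two objects that sit side by side on the heap. */
struct session {
    char name[16];
    int  privileged;
};

/* Vulnerable pattern: trusts the caller-supplied length. Writing through a byte
 * pointer to the whole allocation keeps the overrun inside this object, so it
 * deterministically lands in the neighbouring field. */
static void set_name_unchecked(struct session *s, const unsigned char *src, size_t len) {
    unsigned char *dst = (unsigned char *)s + offsetof(struct session, name);
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];
}

/* Hardened pattern: reject input that does not fit (with room for the
 * terminator) before touching the buffer. Returns 0 on success, -1 on reject. */
static int set_name_checked(struct session *s, const unsigned char *src, size_t len) {
    if (len >= sizeof s->name) return -1;
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Copies len bytes of constructed 0x41 filler into a fresh session and returns
 * the neighbouring field afterwards: 0 means it was left intact. */
int neighbour_after_copy(int checked, size_t len) {
    unsigned char input[sizeof(struct session)];
    struct session *s = calloc(1, sizeof *s);
    if (s == NULL || len > sizeof input) { free(s); return -1; }
    memset(input, 0x41, sizeof input);
    if (checked) (void)set_name_checked(s, input, len);
    else set_name_unchecked(s, input, len);
    int value = s->privileged;
    free(s);
    return value;
}

int main(void) {
    printf("unchecked: %#x\n", (unsigned)neighbour_after_copy(0, sizeof(struct session)));
    printf("checked:   %#x\n", (unsigned)neighbour_after_copy(1, sizeof(struct session)));
    return 0;
}
```

In a real heap overflow the overwritten bytes belong to a separate allocation or to allocator metadata, which is why the outcome ranges from a crash to attacker-influenced program state.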

As always, updating is a good way to protect against the vulnerability. While Google Chrome updates automatically, users can update manually. That could be helpful here because the automatic patch is rolling out in phases. To check if Chrome needs an update, head to chrome://settings/help by clicking Settings > About Chrome.

It is worth noting this vulnerability is unrelated to an incident last week in which Defender for Endpoint flagged a Chrome update as malicious. That incident appears to have been an accident caused by an over-sensitive Microsoft Defender.


Source: Google
Luke Jones