If you use Chrome for Mac, you’ll want to be sure it’s updated today: Google has just fixed a vulnerability that was being actively exploited by North Korean hackers …
Google characterizes it as a high-risk flaw.
[$TBD] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24
Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild.
Google said the bug was exploited in attacks in the wild before a security researcher named Mattias Buelens reported the issue to its engineers on January 24.
Two days after Buelens’ report, Google’s security team published a report about attacks carried out by North Korean hackers against the cyber-security community.
Some of these attacks consisted of luring security researchers to a blog where the attackers exploited browser zero-days to run malware on researchers’ systems.
While it sounds like this was a targeted state-sponsored attack, once a zero-day exploit is revealed, it is likely to be used by others in more general attacks. Prompt updating is therefore always recommended.
You can update by going to Chrome > About Google Chrome. You’ll also find there an option to switch on automatic updates, which Google recommends.
We can also soon expect a security update from Apple to fix a Sudo bug that was also a heap overflow issue.
The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users. Qualys researchers discovered that they could trigger a “heap overflow” bug in the Sudo app to change the current user’s low-privileged access to root-level commands, granting the attacker access to the whole system.
FTC: We use income earning auto affiliate links. More.