CVE-2021-21148 – Google Chrome Heap Buffer Overflow Vulnerability

A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” Google said in its Thursday security update.

Reportedly used to target security researchers

A report by Google researchers revealed that hackers linked to North Korea were targeting security researchers with an elaborate social-engineering campaign that set up trusted relationships with them — and then infected their organizations’ systems with custom malware.

“One of the methods the attackers used was to interact with the researchers and get them to follow a link on Twitter to a write-up hosted on a malicious website,” said researchers with Malwarebytes.

“Shortly after the visit, a malicious service was installed on the researcher’s system and an in-memory backdoor would begin to communicate with a command and control (C&C) server. This sure sounds like something that could be accomplished using a heap buffer overflow in a browser.”

However, Google has not confirmed any correlation with this attack.
