Google fixes zero-day vulnerability in Chrome

On Thursday, Google released a Chrome fix for a high-severity security problem in the browser. It is believed that the flaw was being exploited in the wild. The update will roll out in the coming days and weeks, according to Google’s blog post about the issue.

Google has named the vulnerability CVE-2021-21148 in the CVE database, a system run and maintained by the federally funded nonprofit Mitre Corp. The cybersecurity community uses it to track software flaws that can be exploited.

For now, Google is withholding the in-depth technical details from the cybersecurity community to prevent a spike in exploitation before people have had a chance to install the update.

No details until a majority of users update Chrome

A technical program manager from the Chrome team, Srinivas Sista, wrote in the blog post that access to bug details or links may be kept restricted until a majority of Chrome users have installed the update.

The post went on to say that the Chrome team would also retain the restrictions if the bug is present in a third-party library that other projects depend on and that has not yet been fixed.

Even though there is no detailed technical description, Google shared a high-level overview of the flaw. The search giant was notified of the issue on January 24 by security researcher Mattias Buelens.

The risks of this new flaw

According to Google, the vulnerability facilitates a heap buffer overflow attack. Such an attack overwrites parts of the app's memory that are normally off-limits, which can then be used to initiate malicious actions such as modifying data or installing malware.
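To make the bug class concrete, here is an added C example that is not Chrome's code and not the CVE-2021-21148 flaw itself (Google has not published its details): an unchecked copy into a heap buffer spills into an adjacent trusted field, shown beside the bounds-checked version. The block layout and the "is_admin" flag are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout (an assumption for this example): one heap block holds a
 * 16-byte name buffer immediately followed by an 8-byte value the program
 * trusts, here an "is_admin" flag. Carving both out of a single malloc'd block
 * keeps every write inside the allocation, so the demo is deterministic. */
#define NAME_LEN 16
#define BLOCK_LEN (NAME_LEN + sizeof(uint64_t))

/* Vulnerable: the caller-supplied length is never compared with the buffer
 * size, so bytes beyond NAME_LEN overwrite the adjacent trusted field. */
static void set_name_unchecked(unsigned char *block, const unsigned char *src, size_t len) {
    memcpy(block, src, len);
}

/* Fixed: refuse input that does not fit. Returns 0 on success, -1 if rejected. */
static int set_name_checked(unsigned char *block, const unsigned char *src, size_t len) {
    if (len > NAME_LEN) return -1;
    memcpy(block, src, len);
    return 0;
}

static uint64_t read_flag(const unsigned char *block) {
    uint64_t flag;
    memcpy(&flag, block + NAME_LEN, sizeof flag);
    return flag;
}

/* Feeds a constructed over-long input (16 name bytes plus 8 more) to one of
 * the two versions and returns the trusted flag afterwards: non-zero means the
 * overflow corrupted it, zero means the bounds check protected it. */
static uint64_t flag_after_input(int use_fixed_version) {
    unsigned char input[BLOCK_LEN];
    memset(input, 'A', NAME_LEN);                 /* legitimate-looking name */
    memset(input + NAME_LEN, 0, sizeof(uint64_t));
    input[NAME_LEN] = 1;                          /* lands in the flag field */
    unsigned char *block = calloc(1, BLOCK_LEN);
    if (!block) abort();
    if (use_fixed_version) set_name_checked(block, input, sizeof input);
    else set_name_unchecked(block, input, sizeof input);
    uint64_t flag = read_flag(block);
    free(block);
    return flag;
}

int main(void) {
    printf("unchecked copy: is_admin=%llu\n", (unsigned long long)flag_after_input(0));
    printf("checked copy:   is_admin=%llu\n", (unsigned long long)flag_after_input(1));
    return 0;
}
```

The same pattern is what hardening work in a browser looks for: every length that reaches a heap copy must be validated against the destination before the copy happens.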

Google releases security fixes for Chrome to patch vulnerabilities spotted by external researchers or its engineers.

In November, the company released a patch for two separate security problems present in the browser. Hopefully, a lot of people will rush to patch the issue and avoid problems caused by attackers.