Log in
Register
Menu
Log in
Register
Home
What's new
Latest activity
Authors
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
Urgent update your Chrome browser NOW
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Topper" data-source="post: 1105321" data-attributes="member: 186250"><p>A zero-day vulnerability has been discovered in Chrome.</p><p>If you use Google Chrome, you need to stop reading this and update your browser this very second.</p><p></p><p>Google on Thursday <a href="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html" target="_blank">released</a> the latest update to its popular browser (version 88.0.4324.150), which patches a critical zero-day vulnerability that hackers have already exploited.</p><p>A zero-day vulnerability is, basically, an exploitable flaw that the software maker doesn’t know about and thus cannot issue a patch. In this case, Google said, the vulnerability was a “heap buffer overflow” flaw in the V8 JavaScript engine, which powers Chrome.</p><p></p><p>Google said the vulnerability, dubbed “CVE-2021-21148,” was reported to the company on Jan. 24 by software developer Mattias Buelens. “Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the company said.</p><p></p><p>While Google didn’t expand on what those “reports” are, the day after Buelens filed the bug report, Google’s Threat Analysis Group published a <a href="https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/" target="_blank">report</a> detailing a campaign by what they believe were North Korean nation-state hackers against a slew of cybersecurity professionals. Three days later, on Jan. 28, Microsoft security researchers published their own <a href="https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/" target="_blank">report</a>, further detailing the hacking campaign by the hacking group, which they dubbed “ZINC” and is also known as “Lazarus.”</p><p></p><p>Hopefully, the new Chrome patch locks out those hackers and anyone else who knew about the CVE-2021-21148 zero-day. (Again, it’s possible they exploited a different vulnerability, but the timing of all these reports suggest they’re connected.) Regardless, Chrome users should make sure to update the browser immediately.</p><p></p><p>To check for Chrome updates, click on <strong>Chrome</strong> in the menu, then <strong>About Google Chrome</strong>, or simply put <strong>chrome://settings/help</strong> in the address bar.</p><p></p><p>[URL unfurl="true"]https://www.gizmodo.com.au/2021/02/you-need-to-update-chrome-right-now-2/[/URL]</p></blockquote><p></p>
[QUOTE="Topper, post: 1105321, member: 186250"] A zero-day vulnerability has been discovered in Chrome. If you use Google Chrome, you need to stop reading this and update your browser this very second. Google on Thursday [URL='https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html']released[/URL] the latest update to its popular browser (version 88.0.4324.150), which patches a critical zero-day vulnerability that hackers have already exploited. A zero-day vulnerability is, basically, an exploitable flaw that the software maker doesn’t know about and thus cannot issue a patch. In this case, Google said, the vulnerability was a “heap buffer overflow” flaw in the V8 JavaScript engine, which powers Chrome. Google said the vulnerability, dubbed “CVE-2021-21148,” was reported to the company on Jan. 24 by software developer Mattias Buelens. “Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the company said. While Google didn’t expand on what those “reports” are, the day after Buelens filed the bug report, Google’s Threat Analysis Group published a [URL='https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/']report[/URL] detailing a campaign by what they believe were North Korean nation-state hackers against a slew of cybersecurity professionals. Three days later, on Jan. 28, Microsoft security researchers published their own [URL='https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/']report[/URL], further detailing the hacking campaign by the hacking group, which they dubbed “ZINC” and is also known as “Lazarus.” Hopefully, the new Chrome patch locks out those hackers and anyone else who knew about the CVE-2021-21148 zero-day. (Again, it’s possible they exploited a different vulnerability, but the timing of all these reports suggest they’re connected.) Regardless, Chrome users should make sure to update the browser immediately. To check for Chrome updates, click on [B]Chrome[/B] in the menu, then [B]About Google Chrome[/B], or simply put [B]chrome://settings/help[/B] in the address bar. [URL unfurl="true"]https://www.gizmodo.com.au/2021/02/you-need-to-update-chrome-right-now-2/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
Urgent update your Chrome browser NOW
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top