Google Chrome 88, fix for zero-day vulnerability

Just two days ago, the rollout of Chrome 88 for Windows, macOS and Linux began. Now Google has released version 88.0.4324.150, which fixes a zero-day vulnerability that could be exploited to run arbitrary code on users' computers.

Vulnerabilities in the JavaScript engine

The bug, labeled CVE-2021-21148, was reported by researcher Mattias Buelens on January 24th. Google has not provided details because it expects the majority of users to update the browser. No information will be disclosed even if the problem is still present in third-party libraries.

Given the date of the report, experts speculate that the "heap buffer overflow" vulnerability in V8 (the open source JavaScript engine used in Chrome) was exploited by ZINC, a group of cybercriminals linked to the North Korean government, to carry out attacks against some security researchers.

In late January, Microsoft had pointed to a vulnerability in Chrome's JavaScript engine as a vehicle for carrying out cyber attacks. Buffer overflows are among the programming errors most commonly exploited to run malicious code on victims' computers.

Details of the vulnerability may be disclosed in the next few days. In any case, it is always recommended to update Chrome to the latest version. The update is performed automatically, but it can be forced manually in the settings by clicking the Help item and then selecting About Google Chrome.
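To check many machines rather than one, the comparison against the fixed build 88.0.4324.150 can be scripted. The following is an added example, not part of the original article or of Google's tooling; it assumes version strings in the form the browser prints for its `--version` option, and the hostnames and readings in the sample inventory are constructed.

```python
import re

# Fixed build named in the article; earlier builds lack the CVE-2021-21148 fix.
FIXED_BUILD = (88, 0, 4324, 150)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the four-part version found in `text` as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def update_status(version_text, fixed=FIXED_BUILD):
    """Classify one reported version string against the fixed build."""
    version = parse_chrome_version(version_text)
    if version is None:
        return "unknown"  # unparseable reading: check the machine by hand
    # Tuples compare numerically per component, so 88.0.4324.96 sorts before
    # 88.0.4324.150 (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host to its status; `inventory` is {host: version string}."""
    return {host: update_status(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hostnames and readings are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 88.0.4324.150 ",
    "ws-02": "Google Chrome 88.0.4324.96 ",
    "ws-03": "Google Chrome 87.0.4280.141 ",
    "ws-04": "Google Chrome 89.0.4389.9 beta",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```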

Source: Google