The UBC Cybersecurity Team is aware that Google published a security advisory to address a vulnerability in Chrome for Desktop: a heap buffer overflow in V8.
Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild.
The vulnerability affects Chrome for Desktop versions prior to 88.0.4324.150.
This vulnerability may allow a remote attacker to execute arbitrary code on the target system. Google did not release any technical details about this vulnerability.
This vulnerability is rated as a HIGH risk. A software patch exists to mitigate this risk. Please patch this vulnerability within 14 days.
Please notify security@ubc.ca with any questions or concerns you may have.
How to check and update your Chrome Version:
Chrome users can update to v88.0.4324.150 via the browser’s built-in update function (see Chrome menu, Help option, and About Google Chrome section).
- Navigate to the Chrome menu (three vertical dots in the top right corner)
- Select Help
- Select About Google Chrome
- Check that your Chrome version is 88.0.4324.150
- Update if an update is available
Note: This vulnerability is reported for Desktop versions of Google Chrome.
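For administrators checking many machines, the same version check can be scripted. The following is an added example, not part of the original advisory; the hostnames and inventory entries are constructed, and the version strings are assumed to come from whatever inventory tool is in use.

```python
import re

# First fixed build named in the advisory; anything lower is affected.
FIXED = (88, 0, 4324, 150)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 88.0.4324.96'. Returns a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_patch(text):
    """True if older than FIXED, False if not, None if unparseable.
    Comparison is numeric per component: as plain strings,
    '88.0.4324.96' sorts after '88.0.4324.150' and would be missed."""
    version = parse_version(text)
    return None if version is None else version < FIXED


def triage(inventory):
    """Split {host: reported version string} into three host lists."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        status = needs_patch(reported)
        key = "unknown" if status is None else (
            "vulnerable" if status else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames).
SAMPLE = {
    "lab-pc-01": "Google Chrome 88.0.4324.96",
    "lab-pc-02": "Google Chrome 88.0.4324.150",
    "lab-pc-03": "87.0.4280.141",
    "lab-pc-04": "Google Chrome 89.0.4389.72",
    "lab-pc-05": "not installed",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown still need a manual check using the steps above.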
Actions Required
This vulnerability is rated as an overall HIGH risk. A patch exists to mitigate this vulnerability. Please take mitigating actions within 14 days of receiving this notification.
For more information on this vulnerability, please refer to the links in References.
- Locate the device or application and investigate.
- Notify business owner(s).
- Perform mitigating actions as required within 14 days of receiving this notification.
References
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
https://nakedsecurity.sophos.com/2021/02/05/chrome-zero-day-browser-bug-found-patch-now/
UBC Cybersecurity Confidential Communications
You may have noted that this vulnerability alert was taken directly from the UBC Cybersecurity Confidential Communications article posted at: https://cc.cybersecurity.ubc.ca/?p=7278
To ensure such timely information is not missed, if you haven’t already, please sign up for a privileged Confidential Communications account by going to the Confidential Communications portal at https://cc.cybersecurity.ubc.ca/ (VPN connection required) and selecting “Apply for Privileged Access” on the right-hand side under “Membership”. This particularly applies to administrators.