Skip to main content

Google Chrome update patches scary zero-day vulnerability — North Korean hackers suspected

Google Chrome app logo on a smartphone screen
(Image credit: Google)

Google has released a Chrome browser update to patch a zero-day vulnerability that security researchers suspect is part of a hacking campaign carried out by North Korean hackers.

The bug, known as CVE-2021-21148, is said to be fixed by Chrome update 88.0.4324.150, although details about it are to "be kept restricted until a majority of users are updated with a fix." However, Google is aware of reports that CVE-2021-21148 exists in the wild. The update for Chrome (top-right corner of the browser) will be available for Windows, Mac and Linux. 

North Korean hackers

While Google has yet to specifically provide details, CVE-2021-21148 was reported on January 24 by Mattias Buelens, a day after Google's Threat Analysis Group (TAG) and Microsoft reported North Korean hackers launched an attack against the cyber-security community (via The Hacker News).

The purpose of the hacker attack is reportedly to install a backdoor on Windows, and it was done by North Korean hackers luring security researchers to visit a fake research blog. Microsoft had reported on January 28 that this was most likely due to the Chrome zero-day bug CVE-2021-21148.

A zero-day vulnerability is a term used when a computer software vulnerability, usually bugs or malware, is unknown to those who would be trying to fix it. This makes it very dangerous as it lets hackers rampage while security groups are none the wiser.

The events all seem to lead to Google's new Chrome update, so it goes without saying that it's best to update the browser as soon as possible. Google has also stated it won't fully release details "if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed."

Those looking for extra privacy and protection when online should look into subscribing to one of the best VPN services.