Google has released a key Chrome update with security fix for the zero-day vulnerability actively being exploited in the wild.
Although the company did not disclose which key vulnerability it has issued a fix for, but its Threat Analysis Group last month disclosed a hacking campaign by state-backed North Korean hackers who allegedly misused an unpatched vulnerability in Chrome.
The Chrome 88 update is being rolled out across Windows, Mac, and Linux devices.
“The Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux which will roll out over the coming days/weeks,” the company said in an update.
“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” it added.
The company said that access to bug details and links may be kept restricted until a majority of users are updated with a fix.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said.
Late last month, Google reported that the government-backed hackers based in North Korea are targeting individual security researchers through a number of means including a “novel social engineering method.”
The hacking group has used multiple platforms to communicate with potential targets, including Twitter, LinkedIn, Telegram, Discord, Keybase and email.
On January 14, the actors shared via Twitter a YouTube video they uploaded that proclaimed to exploit CVE-2021-1647, a recently patched Windows Defender vulnerability.