Google received information about the vulnerability on January 24 from security researcher Mattias Buelens, and the company published a patch with the fix on February 4. The vulnerable component in this case is the JavaScript V8 engine embedded in the browser.
Exploiting the vulnerability can be as simple as crafting a malicious Web page and luring victims to it, but as a potentially devastating result, they can gain total control over the affected system. The vulnerability lets cybercriminals perform a heap overflow attack - a manipulation that can lead to remote code execution on a victim’s device. Here’s what’s going on, and how to update your browser. Browser versions for major desktop operating systems (Windows, MacOS, and Linux) are all vulnerable. We recommend addressing it as soon as possible because cybercriminals are already exploiting it. Researchers have found a critical vulnerability, CVE-2021-21148, in Google Chrome.
KasperskyEndpoint Security for Business Advanced.KasperskyEndpoint Security for Business Select.Kaspersky Internet Security for Android.