In a note, Google said “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” As a result we don’t know what exploit this is tied to, but ZDNet notes the timing puts it close to revelations about a campaign carried out by North Korean hackers that targeted security researchers, which may have relied on zero-day exploits in Chrome and Internet Explorer.

Regardless of where or how the bug is being exploited, you’ll still want to update your browser (and keep an eye out for fixes to other potentially affected software, like other Chromium-based browser) right away. As ZDNet and BleepingComputer noted, this occasionally happens. A notable fix in 2019 required a restart to for the fix to take effect, and there was a stretch last fall where, in one month, Google addressed five zero-days that were being actively exploited.

Source link