Greetings,
Do we have a timeline for how soon the recently discovered zero-day bug described in CVE-2021-21148 - now being actively exploited - will be patched?
Thank you.
Cheers,
AJN
Chromium Zero-Day Exploit CVE-2021-21148
Re: Chromium Zero-Day Exploit CVE-2021-21148
Looks like the Chrome people have fixed it:
https://www.techradar.com/news/google-c ... rity-issue
How about it Slimjet devs?
https://www.techradar.com/news/google-c ... rity-issue
How about it Slimjet devs?
Re: Chromium Zero-Day Exploit CVE-2021-21148
Thanks; I should have explicitly referenced Slimjet.
-
oftentired
- Posts: 1769
- Joined: Tue May 13, 2014 3:14 am
Re: Chromium Zero-Day Exploit CVE-2021-21148
The developer does not typically share his schedule.
For those of you who wear aluminum foil hats, the voices lie, don't believe them!
Mostly my replies are about Windows OS. If not I try to remember to specify Linux.
64 Bit SJ on Win 11
Mostly my replies are about Windows OS. If not I try to remember to specify Linux.
64 Bit SJ on Win 11
Re: Chromium Zero-Day Exploit CVE-2021-21148
I know Slimjet does not use every new version of Chromium as soon as it comes out.
Is this problem even relevant to Slimjet?
Is this problem even relevant to Slimjet?
Re: Chromium Zero-Day Exploit CVE-2021-21148
Yes; this applies to all chromium-based browsers.I know Slimjet does not use every new version of Chromium as soon as it comes out.
Is this problem even relevant to Slimjet?
The Register 5 February 2021
Chrome zero-day bug that is actively being abused by bad folks affects Edge, Vivaldi, and other Chromium-tinged browsers
Install your updates pronto
"If you use Google Chrome or a Chromium-based browser such as Microsoft Edge, update it immediately and/or check it for updates over the coming days: there is a zero-day bug being "actively exploited" in the older version of Chrome that will also affect other vendors' browsers."
<article continues>
SecurityWeek February 5, 2021
Google Chrome, Microsoft IE Zero-Days in Crosshairs
Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks.
<article continues>
(A quick search will produce a plethora of articles.)
-
oftentired
- Posts: 1769
- Joined: Tue May 13, 2014 3:14 am
Re: Chromium Zero-Day Exploit CVE-2021-21148
Any browser using the Chromium engine before version 88.0.4324.150 is affected. Slimjet is currently on 87.0.4280.66.
For those of you who wear aluminum foil hats, the voices lie, don't believe them!
Mostly my replies are about Windows OS. If not I try to remember to specify Linux.
64 Bit SJ on Win 11
Mostly my replies are about Windows OS. If not I try to remember to specify Linux.
64 Bit SJ on Win 11
Re: Chromium Zero-Day Exploit CVE-2021-21148
As it is now well over a month since my original post — and the patched version of Chromium released (currently at version 89.0) to address CVE-2021-21148, it would now seem time to migrate to another Chromium-based browser, such as Brave or Vivaldi (both of which are at Chrome 89.0) for those running Windows 7 ESU, as well as Windows 8.1 and 10 (for those who don't care for Microsoft's Edge, which has actually garnered some respectable reviews).
Firefox ESR has been my go-to browser these past five-plus weeks.
Slimjet had been a pleasant experience. Pity.
Firefox ESR has been my go-to browser these past five-plus weeks.
Slimjet had been a pleasant experience. Pity.
Re: Chromium Zero-Day Exploit CVE-2021-21148
Are we up to speed on this one yet?
Re: Chromium Zero-Day Exploit CVE-2021-21148
Not as far as I am aware, sadly; version 29.0.3.0 is still based on Chromium 87.0.4280.66 — and I wish that that were not the case. (Updated language files; really?!?)