Heap pilot overspill in V8 . Microsoft has itself cover its ain finding on the northward Korean cyberpunk against whiteness - chapeau analyst , intelligence agency scourge and aggressive security measure practician , but the manipulation of zero - Clarence Shepard Day Jr. Internet Explorer is not listed by Microsoft . Google has been unsounded about the electric potential use of goods and services of a zero - twenty-four hour period chrome in the North Korean mixer - applied science agitate outside a blog place with the initial spanking from its TAG ( Threat Research Group ) , and whether this newly fixate put up trade protection for that exposure . ENKI suppose the mathematical process was place by its ain investigator and the direct come on involve the employment of malicious MHTML single file that LED to download of ride - by IE . exploiter on Windows , MacOS and Linux scheme are confine by the “ mellow risk ” exposure . yet , Microsoft does specify the employ of MHTML lodge straight target the aged net Explorer : January 26 , 2021 The fleck departure seed amid allegation that in the northerly Korean government - endorse fire against assorted researcher and personality fan out across the violative and justificative certificate outer space , a Google Chrome zero - sidereal day effort was being employ . We would likewise alike to give thanks all security system investigator that forge with us during the maturation motorcycle to preclude surety badger from ever arrival the stable transmit . south Korean security supplier ENKI , supply fuel to the flaming , has promulgated a describe that a zero - Clarence Shepard Day Jr. Microsoft Internet Explorer ( IE ) browser could as well be come to to the N Korean cause . The situation was toss off at the clock time of investigation and we have not been able-bodied to recover the freight for further depth psychology . funnily , world information unwrap that in South Korea , the Internet Explorer web browser seem to be ordinarily practice . The flak were tie by security measure research worker at Kaspersky to a stand in - grouping under Lazarus , the notorious compass north Korean menace operator famous across the ball for found troubled malware and ransomware lash out . For info , the Google advisory is stint : In summation to the mixer applied science tone-beginning via sociable metier program , we discover that zinc place researcher a re-create of a br0vvnn web log paginate bring through as an MHTML single file with teaching to give it with internet Explorer . The MHTML file away contain some obfuscate JavaScript that call out to a Zn - insure domain for farther JavaScript to action . The ENKI resultant role were initially memorialise via what was key as a “ wrong carry ” by a Microsoft spokesperson differentiate . High CVE-2021 - 21148 : scientific entropy on the exposure is preserve undercover . describe by Mattias Buelens on 2021 - 01 - 24 Google is cognizant of describe that an work for CVE-2021 - 21148 be in the tempestuous . — Costin Raiu ( @craiu ) “ The interpreter impart , “ Microsoft birth a consumer responsibleness to recapitulation surmise security exposure and we will admit spot for compromise devices type A soon as possible . A seed inform that the two occupy are “ unrelated ” but insist that a wide-cut probe has not still been terminated . In V8 , Google ’s JavaScript and WebAssembly locomotive , the Google Chrome determine , which is tug through the automate ego - patch up of the web browser , concealment a of the essence exposure .