The Chrome browser just received a small but crucial incremental update and you should drop what you’re doing and click that “check for updates” button. Seriously. Do it right now. I’ll be here when you’re done to explain what’s going on. Back? Good. The Chrome browser gets updates all the time. Between major releases, there are usually two or three incremental updates that contain bug fixes, feature tweaks, and most importantly, security patches. Sometimes, the list of updates is massive. Other times, a single vulnerability in Chrome can prompt one of these updates to protect the end-user. That’s exactly what happened this week.
More often than not, these security vulnerabilities are identified by researchers before they have the opportunity to be exploited by any baddies. In rarer cases, these weaknesses are actually discovered by more unsavory types and an attack is launched against unknowing users. The latest update to Chrome 88 is intended to patch one such security hole and researchers believe that an exploit has been spotted out in the wild.
The bug, CVE-2021-21148, was discovered by researcher Mattias Buelens and pertains to a heap overflow corruption issue in the V8 JavaScript engine. Google has acknowledged that an active exploit has been identified in the wild but no further details were given about the incident. Two days after Buelens made the report, Google’s Threat Analysis Group reports an active hacker threat out of North Korea that could possibly be related to the security vulnerability. The attack stemmed from various social media platforms and specifically target researchers. Clicking links on certain social media profiles led users to pages at which time the attackers attempted to inject malware via the browser. More details on that threat here.
Needless to say, you should always keep your browser updated but this is one instance where you should not delay. There will always be those looking to exploit users but thankfully, we have fine people like Mattias Buelens who are on the lookout for these security holes and Google is quick to get them patched. If you aren’t sure if you have the latest version of Chrome, click the three-dot menu at the top right, click “help” and click About Chrome. Hit that check for updates button. If you are up-to-date, you should be on version 88.0.4324.150 for Windows, Mac, and Linux. Stay safe.
Join Chrome Unboxed Plus
Introducing Chrome Unboxed Plus – our revamped membership community. Join today at just $2 / month to get access to our private Discord, exclusive giveaways, AMAs, an ad-free website, ad-free podcast experience and more.
Plus Monthly
$2/mo. after 7-day free trial
Pay monthly to support our independent coverage and get access to exclusive benefits.
Plus Annual
$20/yr. after 7-day free trial
Pay yearly to support our independent coverage and get access to exclusive benefits.
Our newsletters are also a great way to get connected. Subscribe here!
Click here to learn more and for membership FAQ
Source: Chrome Release via ZDNet