Support our independent tech coverage. Chrome Unboxed is written by real people, for real people—not search algorithms. Join Chrome Unboxed Plus for just $2 a month to get an ad-free experience, access to our private Discord, and more. Learn more about membership here.
START FREE TRIAL (MONTHLY)START FREE TRIAL (ANNUAL)
The Chrome browser just received a small but crucial incremental update and you should drop what you’re doing and click that “check for updates” button. Seriously. Do it right now. I’ll be here when you’re done to explain what’s going on. Back? Good. The Chrome browser gets updates all the time. Between major releases, there are usually two or three incremental updates that contain bug fixes, feature tweaks, and most importantly, security patches. Sometimes, the list of updates is massive. Other times, a single vulnerability in Chrome can prompt one of these updates to protect the end-user. That’s exactly what happened this week.
More often than not, these security vulnerabilities are identified by researchers before they have the opportunity to be exploited by any baddies. In rarer cases, these weaknesses are actually discovered by more unsavory types and an attack is launched against unknowing users. The latest update to Chrome 88 is intended to patch one such security hole and researchers believe that an exploit has been spotted out in the wild.
The bug, CVE-2021-21148, was discovered by researcher Mattias Buelens and pertains to a heap overflow corruption issue in the V8 JavaScript engine. Google has acknowledged that an active exploit has been identified in the wild but no further details were given about the incident. Two days after Buelens made the report, Google’s Threat Analysis Group reports an active hacker threat out of North Korea that could possibly be related to the security vulnerability. The attack stemmed from various social media platforms and specifically target researchers. Clicking links on certain social media profiles led users to pages at which time the attackers attempted to inject malware via the browser. More details on that threat here.
Needless to say, you should always keep your browser updated but this is one instance where you should not delay. There will always be those looking to exploit users but thankfully, we have fine people like Mattias Buelens who are on the lookout for these security holes and Google is quick to get them patched. If you aren’t sure if you have the latest version of Chrome, click the three-dot menu at the top right, click “help” and click About Chrome. Hit that check for updates button. If you are up-to-date, you should be on version 88.0.4324.150 for Windows, Mac, and Linux. Stay safe.
SUBSCRIBE TO UPSTREAM
Get Chrome Unboxed delivered straight to your inbox
Upstream is our flagship, curated newsletter with the top stories, most click-worthy deals, giveaways, and trending articles from Chrome Unboxed sent directly to your inbox a few times a week. Join 31,000+ subscribers.
Source: Chrome Release via ZDNet
