Update Google Chrome Now - A critical zero-day flaw has been exposed

Google has released a new version of Chrome for Windows, macOS, and Linux.

This update brings the version of Chrome to 88.0.4324.150. You can check the status of your Chrome installation by going to Settings (the three dots stacked in the upper right corner) > Help > About Google Chrome. Opening this page will force Chrome to update if it has not already done so.

Other browsers that share Chrome's code may not have caught up yet. At the time of this writing, Brave is still stuck at an earlier version; Microsoft Edge had an update available, but because of the different version numbering scheme, it is not known if Chrome's flaw has been fixed.
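The version check described above can be run across a fleet inventory. The following is an added example, not part of the original article: the inventory lines, hostnames and function names are constructed for illustration, and only the fixed build 88.0.4324.150 comes from the text. Browsers other than Google Chrome are reported as unverified because their version numbers cannot be compared against Chrome's.

```python
import re

# Fixed Chrome build named in the article.
FIXED = (88, 0, 4324, 150)

# Matches a four-part dotted version such as 88.0.4324.150.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(line):
    """Classify one '<host> <version banner>' inventory line.

    Returns 'patched', 'vulnerable', or 'unverified'. Only Google Chrome is
    compared against FIXED; other Chromium-based browsers number their
    releases differently, so their status has to come from the vendor.
    """
    _, _, banner = line.partition(" ")
    version = parse_version(banner)
    if version is None or not banner.startswith("Google Chrome"):
        return "unverified"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "88.0.4324.96" above "88.0.4324.150".
    return "patched" if version >= FIXED else "vulnerable"


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = [
    "ws-01 Google Chrome 88.0.4324.150",
    "ws-02 Google Chrome 88.0.4324.96",
    "ws-03 Google Chrome 87.0.4280.141",
    "ws-04 Microsoft Edge 88.0.705.56",
    "ws-05 Google Chrome (version unreadable)",
]


def report(lines):
    """Map each host to its classification."""
    return {line.split(" ", 1)[0]: classify(line) for line in lines}


if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```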

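Google did not provide many details about the fixed flaw in its Chrome release bulletin, but said it addresses a "heap buffer overflow in V8," Chrome's JavaScript engine. In a heap buffer overflow, a program writes data past the end of a buffer allocated on the heap and corrupts the memory next to it; in a JavaScript engine, an attacker may be able to use that corruption to inject code into the process running JavaScript.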

The flaw has been given the catalog number CVE-2021-21148, and Google has stated that "the exploit is ...... We are aware of reports that it exists in the wild."

The flaw was reported to Google on January 24 by an independent security researcher named Mattias Buelens. This was the day before Google disclosed a North Korean espionage campaign that targeted security researchers through a Chrome and Internet Explorer flaw; the two events may be related in some way.
