Google Chrome update patches this major security issue

Google Chrome
(Image credit: Shutterstpck)
Audio player loading…

Google has released a new update for its Chrome (opens in new tab) web browser – and this one contains an important security patch.  The vulnerability, being tracked as CVE-2021-21148, is reportedly already being exploited in the wild.

The tech firm did not go into much detail about the security flaw in order to avoid alerting other threat actors of the vulnerability. Google also withheld information in case third-party applications were suffering from the same flaw but did not have patches ready for deployment.

The search engine giant did reveal, however, that the bug has been given a severity ranking of “high (opens in new tab)” and was a heap buffer overflow memory corruption bug found affecting the V8 JavaScript engine. The vulnerability was discovered by security researcher Mattias Buelens, underlining the importance of bug discovery programs for maintaining a secure online environment.

The cleanup continues

Although Chrome’s auto-update feature will deliver the newly patched version of the browser (88.0.4324.150) direct to users, sometimes there can be delays if individuals do not restart Chrome or their computer regularly. Given the severity of this particular vulnerability, it’s probably a good idea to make sure that this update is installed pretty soon.

The lack of detail means that it is unclear which exploits Google has identified involving this vulnerability but ZDNet (opens in new tab) notes that shortly after Buelens reported on the flaw, Microsoft highlighted a cyberattack by North Korean hackers that it believed leveraged a Chrome zero-day. Therefore, some cybersecurity researchers are drawing connections between the two events.

Chrome’s security teams have certainly been busy of late, with plenty of vulnerabilities being discovered. As well as offering patches for other zero-day bugs (opens in new tab), Google has also been working hard to remove malicious extensions (opens in new tab) from its Web Store as they can allow threat actors to infect unsuspecting users with malware.

  • We've also highlighted the best antivirus (opens in new tab) services around today

Via Engadget (opens in new tab)

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.