Google has released a new update for its Chrome web browser – and this one contains an important security patch. The vulnerability, being tracked as CVE-2021-21148, is reportedly already being exploited in the wild.
The tech firm did not go into much detail about the security flaw in order to avoid alerting other threat actors of the vulnerability. Google also withheld information in case third-party applications were suffering from the same flaw but did not have patches ready for deployment.
- We've built a list of the best malware removal solutions
- Check out our roundup of the best endpoint protection
- Also, see our list of the best identity theft protection tools
The cleanup continues
Although Chrome’s auto-update feature will deliver the newly patched version of the browser (88.0.4324.150) direct to users, sometimes there can be delays if individuals do not restart Chrome or their computer regularly. Given the severity of this particular vulnerability, it’s probably a good idea to make sure that this update is installed pretty soon.
The lack of detail means that it is unclear which exploits Google has identified involving this vulnerability but ZDNet notes that shortly after Buelens reported on the flaw, Microsoft highlighted a cyberattack by North Korean hackers that it believed leveraged a Chrome zero-day. Therefore, some cybersecurity researchers are drawing connections between the two events.
Chrome’s security teams have certainly been busy of late, with plenty of vulnerabilities being discovered. As well as offering patches for other zero-day bugs, Google has also been working hard to remove malicious extensions from its Web Store as they can allow threat actors to infect unsuspecting users with malware.
- We've also highlighted the best antivirus services around today