Google has released a new update for its Chrome (opens in new tab) web browser – and this one contains an important security patch. The vulnerability, being tracked as CVE-2021-21148, is reportedly already being exploited in the wild.
The tech firm did not go into much detail about the security flaw in order to avoid alerting other threat actors of the vulnerability. Google also withheld information in case third-party applications were suffering from the same flaw but did not have patches ready for deployment.
- We've built a list of the best malware removal (opens in new tab) solutions
- Check out our roundup of the best endpoint protection (opens in new tab)
- Also, see our list of the best identity theft protection (opens in new tab) tools
The cleanup continues
Although Chrome’s auto-update feature will deliver the newly patched version of the browser (88.0.4324.150) direct to users, sometimes there can be delays if individuals do not restart Chrome or their computer regularly. Given the severity of this particular vulnerability, it’s probably a good idea to make sure that this update is installed pretty soon.
The lack of detail means that it is unclear which exploits Google has identified involving this vulnerability but ZDNet (opens in new tab) notes that shortly after Buelens reported on the flaw, Microsoft highlighted a cyberattack by North Korean hackers that it believed leveraged a Chrome zero-day. Therefore, some cybersecurity researchers are drawing connections between the two events.
Chrome’s security teams have certainly been busy of late, with plenty of vulnerabilities being discovered. As well as offering patches for other zero-day bugs (opens in new tab), Google has also been working hard to remove malicious extensions (opens in new tab) from its Web Store as they can allow threat actors to infect unsuspecting users with malware.
- We've also highlighted the best antivirus (opens in new tab) services around today
Via Engadget (opens in new tab)