Update Chrome for Windows, Mac and Linux to protect against a dangerous zero-day vulnerability
A serious security vulnerability has been discovered in Chrome, forcing Google to push out an emergency update to the browser. Affecting the Windows, Mac and Linux versions of Chrome, the high severity vulnerability is being tracked as CVE-2021-21148.
Described as a "heap buffer overflow in V8", it is being actively exploited in the wild, although few details of the exploit are available. Because of the severity of the vulnerability, Google has released a fix and is urging everyone to install it.
The issue was reported to Google by security researcher Mattias Buelens on January 24, but the company says that an exploit existed in the wild before this date. It is not clear whether this vulnerability, which affects Chrome's V8 JavaScript engine, is the same one that was used in a high-profile attack recently.
Aaron Drapkin, Digital Privacy Researcher at digital freedom firm ProPrivacy, reacted to news of the security flaw saying: "Google Chrome's admission that there is a zero-day exploit in the wild should worry everyone using the browser. We're talking about a vulnerability being actively leveraged by hackers whilst remaining elusive to Google concurrently. They can only fight back when they discover what this is -- which will mark day zero of mitigation".
He continues:
Zero-day exploits are not uncommon, and can be expected in a browser so many people use, but for this particular vulnerability, day zero is yet to happen.
This means ensuring your Chrome browser is running the most recent software available is paramount. Updating your browser with a patch is the best -- and the only -- thing you can do.
Writing on the Chrome blog, Srinivas Sista from the browser team said:
The Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux which will roll out over the coming days/weeks.
A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 1 security fix. Please see the Chrome Security Page for more information.
[$TBD][1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24
Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild.
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
To ensure that you're protected, you need to ensure that you're running at least Chrome 88.0.4324.150. You can check this via the Help > About Google Chrome menu, and visiting this page will also force the browser to check for available updates.
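For anyone checking many machines rather than one About page, the following script (an added example, not code from the article or from Google) reads the installed Chrome's version string on Linux or macOS and compares it against the 88.0.4324.150 build named in the release post. The binary names and paths it probes are assumptions about default installs; on Windows the Help > About Google Chrome menu remains the check described above. The point it makes is that version strings must be compared as integer tuples, since as plain strings "88.0.4324.96" sorts after "88.0.4324.150" and would wrongly pass.

```python
"""Check whether an installed Chrome build is at or above the patched
version for CVE-2021-21148 (88.0.4324.150 per the Chrome release post).

Added example; not from the article or from Google. The executable names
and paths below are assumptions about default installs."""
import re
import shutil
import subprocess
import sys
from typing import Optional, Tuple

PATCHED_VERSION = "88.0.4324.150"  # minimum fixed build named in the release post

# Candidate Chrome executables per platform (assumed defaults; adjust for custom installs).
CHROME_COMMANDS = {
    "linux": ["google-chrome", "google-chrome-stable", "chromium", "chromium-browser"],
    "darwin": ["/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"],
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the first four-part version from `text` as a tuple of ints.
    Integer tuples compare correctly; raw strings do not
    ("88.0.4324.96" > "88.0.4324.150" when compared as strings)."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version_text: str, minimum: str = PATCHED_VERSION) -> bool:
    """True only if a version is found in `version_text` and it is >= `minimum`.
    An unparseable string is treated as 'not verified', i.e. False."""
    found = parse_version(version_text)
    required = parse_version(minimum)
    if found is None or required is None:
        return False
    return found >= required


def installed_version_text() -> Optional[str]:
    """Ask the local Chrome binary for its version line, e.g.
    'Google Chrome 88.0.4324.150'. Returns None if no binary is found.
    Covers Linux/macOS only; Windows users check Help > About Google Chrome."""
    for cmd in CHROME_COMMANDS.get(sys.platform, []):
        path = cmd if cmd.startswith("/") else shutil.which(cmd)
        if not path:
            continue
        try:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, timeout=10)
        except (OSError, subprocess.SubprocessError):
            continue
        line = out.stdout.strip()
        if line:
            return line
    return None


if __name__ == "__main__":
    text = installed_version_text()
    if text is None:
        print("Chrome binary not found; check Help > About Google Chrome manually.")
    else:
        status = "patched" if is_patched(text) else "NOT patched against CVE-2021-21148"
        print(f"{text}: {status}")
```

Run it on each endpoint you manage and treat anything that prints "NOT patched" or "not found" as needing a manual check; the `--version` call only reports the binary on disk, so a running Chrome that has downloaded but not yet applied the update still needs a restart.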
Image credit: Ilya Sergeevych / Shutterstock