Google, yesterday released the Chrome 88.0.4324.150 version which fixes an actively exploited zero-day security vulnerability. The Stable channel has been updated to 88.0.4324.150 for Windows, Mac, and Linux which will be rolled out to the users in the upcoming days or weeks.
If you are any of the desktop users (Windows, Mac, and Linux), you can upgrade to Chrome 88 by navigating to Settings -> Help -> About Google Chrome. Then, the Chrome browser will automatically search for the latest version and will install it whenever available.
Bug in V8 JavaScript Engine
Zero-day vulnerability assigned to the identifier of CVE-2021-21148 was defined as a “heap overflow” bug in the V8 JavaScript engine, Google’s open-source and C++ based high-performance WebAssembly and JavaScript engine.
Google stated that the bug was exploited in attacks in the wild before Mattias Buelens, a security researcher addressed the security vulnerability to its engineers on Jan 24.
Though the buffer overflow usually leads to crashes; however, the bug can likewise be exploited by the threat actors to execute the arbitrary code on the systems running the vulnerable software.
Google didn’t make any statement if the CVE-2021-21148 zero-day vulnerability was utilized to execute these attacks (North Korean hackers have targeted security researchers and ZINC attacks against security researchers), but, several security researchers believe that it was because of the proximity of these two events.
In spite of how this zero-day was exploited, daily users are suggested to utilize Chrome’s built-in update feature to update their browser to the latest version as soon as you find the update is available for your desktop. Moreover, you can manually look for the update through the Chrome menu, Help option, and About Google Chrome section.
Also Read: Google Patches Two More Chrome Zero-Day Vulnerabilities
Are you looking for more security updates? Subscribe to our newsletter for the latest security news right from the security and research industries.