IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google fixes actively exploited Chrome zero-day

The flaw may be related to a recent hacking campaign against the cyber security community

Google has released an updated version of its Chrome web browser following reports of a zero-day vulnerability being exploited in the wild.

Version 88.0.4324.150 for Windows, Mac and Linux contains only one patch which is aimed at a memory corruption bug in Chrome’s V8 JavaScript engine, known as CVE-2021-21148.

The vulnerability, marked as high risk, was reported on 24 January by security researcher Mattias Buelens, who is also a lead software architect on THEOplayer. 

Google Chrome technical program manager Srinivas Sista said that the tech giant is “aware of reports that an exploit for CVE-2021-21148 exists in the wild”. He didn’t provide any additional details about the zero-day vulnerability due to risk of further exploitation, noting that the majority of users hadn’t yet been updated with a fix.

However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber security community. It's believed this campaign may have relied on zero-day exploits in Chrome and Internet Explorer.

Chrome version 88.0.4324.150 has begun to roll out to users across Windows, Mac and Linux systems. Users can check if their Chrome browser is up to date by following these steps: 

  1. Open your Chrome browser and look the three vertical dots on the top right corner
  2. If the dots are coloured, there is a pending update
    • Green means the update it less than two days old
    • Orange means the update is about four days old
    • Red means the update is a least a week old
  3. If the dots are coloured, click them to open the menu
  4. Click “Update Google Chrome”
  5. Exit your Chrome browser and reopen it to complete the update.

Google was forced to deal with another Chrome zero-day vulnerability in October of last year, when its Project Zero security team discovered that hackers were exploiting the bug to attack Chrome users’ systems. 

The vulnerability, a memory corruption bug in the FreeType font-rendering library, prompted the tech giant to release the Chrome OS 86.0.4240.112 update, which addressed the detected zero-day security flaw on Google Chromebooks

Featured Resources

The COO's pocket guide to enterprise-wide intelligent automation

Automating more cross-enterprise and expert work for a better value stream for customers

Free Download

Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space

Free Download

2021 Gartner critical capabilities for data integration tools

How to identify the right tool in support of your data management solutions

Free Download

Unified endpoint management solutions 2021-22

Analysing the UEM landscape

Free Download

Recommended

What is zero trust?
network security

What is zero trust?

14 Jul 2022
Retbleed hardware-level flaw brings overhead woe to Intel and AMD
Hardware

Retbleed hardware-level flaw brings overhead woe to Intel and AMD

13 Jul 2022
An analysis of the European cyber threat landscape
Whitepaper

An analysis of the European cyber threat landscape

8 Jul 2022
Solve cyber resilience challenges with storage solutions
Whitepaper

Solve cyber resilience challenges with storage solutions

4 Jul 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022