Skip to main content

Google Chrome update patches this major security issue

Google Chrome
(Image credit: Shutterstpck)

Google has released a new update for its Chrome web browser – and this one contains an important security patch.  The vulnerability, being tracked as CVE-2021-21148, is reportedly already being exploited in the wild.

The tech firm did not go into much detail about the security flaw in order to avoid alerting other threat actors of the vulnerability. Google also withheld information in case third-party applications were suffering from the same flaw but did not have patches ready for deployment.

The search engine giant did reveal, however, that the bug has been given a severity ranking of “high” and was a heap buffer overflow memory corruption bug found affecting the V8 JavaScript engine. The vulnerability was discovered by security researcher Mattias Buelens, underlining the importance of bug discovery programs for maintaining a secure online environment.

The cleanup continues

Although Chrome’s auto-update feature will deliver the newly patched version of the browser (88.0.4324.150) direct to users, sometimes there can be delays if individuals do not restart Chrome or their computer regularly. Given the severity of this particular vulnerability, it’s probably a good idea to make sure that this update is installed pretty soon.

The lack of detail means that it is unclear which exploits Google has identified involving this vulnerability but ZDNet notes that shortly after Buelens reported on the flaw, Microsoft highlighted a cyberattack by North Korean hackers that it believed leveraged a Chrome zero-day. Therefore, some cybersecurity researchers are drawing connections between the two events.

Chrome’s security teams have certainly been busy of late, with plenty of vulnerabilities being discovered. As well as offering patches for other zero-day bugs, Google has also been working hard to remove malicious extensions from its Web Store as they can allow threat actors to infect unsuspecting users with malware.

Via Engadget