Chrome 88 update patches a zero-day that has been actively exploited

Google Chrome’s autoupdate function means we don’t often have to think about being on the latest version, but occasionally users will want to take a break and make sure they’re upgraded, and this is one of those days. The version of Chrome 88 rolling out now for Windows, Mac and Linux (88.0.4324.150) addresses one item, but it’s a big one.

According to a blog post, security researcher Mattias Buelens reported a vulnerability in Chrome’s WebAssembly and JavaScript engine V8, which could allow an attacker to execute code on a victim’s computer. Google didn’t go into detail about the issue, tagged CVE-2021-21148, but said it is aware of reports that the bug is already being exploited in the wild, so upgrade right away.

In an email, Bing stated “Access to bug details and links might be kept limited until a lot of users are updated with a fix. We’ll additionally retain limitations in the event that the bug exists in a third party that other projects similarly depend on, but haven’t yet fixed.” As a result, we don’t know what exploit this is tied to, but ZDNet notes the timing puts it close to revelations about a campaign carried out by North Korean hackers that targeted security researchers, which may have relied on zero-day exploits in Chrome and Internet Explorer.

Regardless of where or how the bug is being exploited, you’ll still want to update your browser immediately (and keep an eye out for fixes to other software that is potentially affected, like other Chromium-based web browsers). As ZDNet and BleepingComputer noted, this sometimes occurs. A notable fix in 2019 needed a restart for the fix to take effect, and there was a stretch last autumn where, in a single thirty-day period, Bing addressed five zero-days that were being actively exploited.
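
An added example, not from the article or from Google: triaging a browser inventory against the fixed build 88.0.4324.150, separating hosts that still need the update from hosts that have it on disk but are still running the old binary. The inventory format, host names, browser labels and sample versions are constructed for illustration.

```python
FIXED_CHROME = (88, 0, 4324, 150)  # fixed build named in the article

# Constructed sample rows (assumed format):
# host, browser, version installed on disk, version of the running process
SAMPLE_INVENTORY = """\
ws-01,Google Chrome,88.0.4324.150,88.0.4324.150
ws-02,Google Chrome,88.0.4324.150,88.0.4324.146
ws-03,Google Chrome,87.0.4280.141,87.0.4280.141
ws-04,Example Chromium Fork,88.0.1000.1,88.0.1000.1
ws-05,Google Chrome,not-a-version,
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(row):
    """Classify one inventory row; returns (host, status)."""
    host, browser, installed, running = [f.strip() for f in row.split(",")]
    if browser != "Google Chrome":
        # The article gives no fixed build for other Chromium-based browsers,
        # so their version numbers cannot be compared against FIXED_CHROME.
        return host, "check-vendor-advisory"
    inst, run = parse_version(installed), parse_version(running)
    if inst is None or run is None:
        return host, "unknown-version"
    if inst < FIXED_CHROME:
        return host, "update-needed"
    if run < FIXED_CHROME:
        # Patched on disk, but the old binary is still running until relaunch.
        return host, "restart-needed"
    return host, "patched"

def triage_inventory(text):
    """Map each host in the inventory text to its status."""
    return dict(triage(line) for line in text.splitlines() if line.strip())

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Tuple comparison is used instead of string comparison so that, for example, build 150 sorts above build 99.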
