Google Fixes Chrome Zero-Day Vulnerability in Latest Update

Google has released a new update for its Chrome web browser — and this one contains an important security patch.

Google released the latest version of the its Chrome web browser yesterday (88.0.4324.150), and Chrome 88 is a very important update all users should grab immediately.

As ZDNet reports, Chrome 88 fixes a zero-day vulnerability known as CVE-2021-21148. It was reported by security researcher Mattias Buelens on January 24, but Google discovered it was being exploited by hackers before the vulnerability could be patched out of the browser.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” Google’s Srinivas Sista writes in a new post to the Chrome Releases blog. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

The exploit allowed Chrome users to be targeted by malicious code thanks to a memory corruption problem in Google’s V8 JavaScript engine, which forms part of the Chrome browser. Although Google hasn’t confirmed it, the exploit is thought to be what allowed security researchers to be targeted by North Korean hackers on social media last month.

Microsoft Threat Intelligence Center attributed the targeted campaign to ZINC, “a DPRK-affiliated and state-sponsored group.”

Obviously, Chrome users should upgrade as soon as possible to the latest version.

P.S. - Like our news? Support the site: become a Patreon subscriber. Or shop with our Amazon link, or buy us a coffee! We use affiliate links when possible--thanks for supporting independent media.