Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability

Google Chrome Material Icon 450x450Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."

However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.

Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.

The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar's About Google Chrome option to upgrade their browser to the latest version as soon as possible.

Google Chrome for Mac is a free download available directly from Google's servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]

Top Rated Comments

techpr Avatar
20 months ago
I stopped using and uninstalled Chrome in 2020. Safari and Firefox for me.
Score: 3 Votes (Like | Disagree)
ian87w Avatar
20 months ago
Does this zero-day vulnerability only affect Chrome, or does it affect all Chromium based browsers?
Score: 2 Votes (Like | Disagree)
macdos Avatar
20 months ago
Always these "overflows", there's no end to it, it is just like Flash.

Code in apps and OSs should be rewritten from scratch with something else than C and derivatives, something that doesn't use "pointers", something that is tight from start.
Score: 2 Votes (Like | Disagree)
chucker23n1 Avatar
20 months ago

What about WebKit based browsers like Safari? Is the exploit something Google added since forking for Chromium, or is it something that was separately fixed already for WebKit?
If the bug is in V8, WebKit won't be affected because WebKit's JS engine was never V8. (Chrome choosing its own JS engine happened long before it forked WebKit to Blink.)

If the bug is outside V8, it is indeed possible that WebKit is affected.
Score: 1 Votes (Like | Disagree)
MysticCow Avatar
20 months ago

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
"We have discovered a bug where Apple's tracking option will cause Chrome to crash, so we are trying to disable it!"

Internet irony might be lost on this one.

Curious as to what others uses as a backup browsers to Safari? I'm looking to de-google thus Chrome is out, but need a Chromium browser for the occasional website where Safari doesn't place nice.
Firefox with uMatrix and Facebook Container. It works wonders to clear the tracking gunk.
Score: 1 Votes (Like | Disagree)
luvbug Avatar
20 months ago
The Brave browser has already updated the stable release to this latest Chrome build. Just FYI. Edit: "latest Chromium build", which tracks the Chrome build exactly, but excludes the closed-source bits.
Score: 1 Votes (Like | Disagree)

Related Stories

google iphone home screen

Google Basically Wants Your iPhone 13 Home Screen to Look Like Android

Tuesday September 28, 2021 5:59 am PDT by
In a new blog post titled "Bring the best of Google to your iPhone," Google is on an endeavor to convince new iPhone 13 users to transform their ‌device’s home screen to look like Android. The blog post, written by Google's director for the iOS platform, features screenshots of an iPhone 13 home screen filled with Google apps and widgets. The post implies that customers should possibly...
chrome 90

Chrome 90 Defaults to HTTPS, Adds AV1 Codec for Optimized Video Conferencing

Thursday April 15, 2021 1:09 am PDT by
Google today rolled out Chrome 90 to its stable channel, introducing automatic preference for HTTPS sites over the HTTP protocol, plus some other notable changes. By default, Chrome will now redirect all websites to use the more secure HTTPS protocol. Encrypted using Transport Layer Security (TLS), HTTPS secures communication over networks by authenticating the website and protecting the...
powerdir exploit microsoft

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Monday January 10, 2022 9:17 am PST by
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
iOs 15 Safari Feature

Google to Fix Bug That Disables Safari AMP Search Results on iOS 15 Devices

Wednesday October 6, 2021 2:55 pm PDT by
A bug in iOS 15 and iPadOS 15 is preventing Safari from loading AMP links for Google search results, but the issue is not intentional and Google is preparing a fix that's set to be released in the near future. Developer Jeff Johnson today published a blog post speculating on whether Google had intentionally disabled AMP links for Google search results in Safari on devices running iOS 15 (via ...
safari icon blue banner

macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

Thursday January 20, 2022 1:30 pm PST by
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities. As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
google one app

Google One Disappears From App Store a Day After VPN Launch [Update: Google One is Back in the App Store]

Wednesday February 2, 2022 12:01 pm PST by
The Google One app for iPhone and iPad appears to have mysteriously disappeared from the App Store this morning, and it is no longer available for download. As noted on Reddit, attempting to download the Google One app in the United States and Canada pops up an error message that says "App Not Available." It is not clear why the app has been removed from the App Store at this time, and...
Google Logo Feature Slack

Google I/O to Take Place in May, Will Once Again Be Online

Wednesday March 16, 2022 3:16 pm PDT by
Google today announced that its annual Google I/O developers conference is set to take place on Wednesday, May 11, and Thursday, May 12, about a month ahead of when we're expecting Apple to hold the annual Worldwide Developers Conference. Alphabet CEO Sundar Pichai shared the news this afternoon, and he said the event will be "live from Shoreline Amphitheatre," with the content available...
webkit vs chromium feature

Should Apple Continue to Ban Rival Browser Engines on iOS?

Friday February 25, 2022 7:39 am PST by
Apple requires all apps that browse the web in iOS and iPadOS to use its own browser engine, WebKit, but amid accusations of anti-competitive conduct, should it continue to effectively ban rival browser engines? Big tech has been gripped by accusations of anti-competitive conduct in recent times, with Chief Executive of the UK's Competition and Markets Authority (CMA) Andrea Coscelli...

Popular Stories

airpods pro black background

AirPods Pro 2: Five New Features and Improvements to Expect

Sunday August 14, 2022 3:28 pm PDT by
Apple's second-generation AirPods Pro are finally nearing launch, with a release expected later this year. If you are considering upgrading to the new AirPods Pro once they are released, keep reading for a list of five new features to expect. In addition to all-new features, the second-generation AirPods Pro will likely adopt some features added to the standard AirPods last year. H2 Chip ...
10th Generation iPad Render

10th-Generation iPad With Major Design Changes Reportedly in Production Ahead of September Launch

Monday August 15, 2022 8:02 pm PDT by
Apple's rumored 10th-generation iPad is currently in production and will feature "major" design changes, according to a report from Taiwanese website DigiTimes. A mockup of the potential 10th-generation iPad design by Renders By Shailesh The report did not provide any specific details about the 10th-generation iPad's new design, but rumors suggest the device will feature a larger 10.5-inch...
ios 16 lock screen feature2

Apple Seeds Sixth Betas of iOS 16 and iPadOS 16 to Developers [Update: Public Beta Available]

Monday August 15, 2022 10:04 am PDT by
Apple today seeded the sixth betas of upcoming iOS 16 and iPadOS 16 updates to developers for testing purposes, with the updates coming a week after Apple released the fifth developer betas. Registered developers can download the iOS and iPadOS 16 profiles from the Apple Developer Center, and once installed, the betas will be available over the air. iOS 16 introduces a revamped Lock...
iPhone 14 Dummies 1 Feature

Everything Rumored for Apple's September Event: iPhone 14, Apple Watch Pro and More

Friday August 12, 2022 2:34 pm PDT by
There's just about a month to go until Apple holds its annual September event focusing on new iPhone and Apple Watch models. We thought we'd take a quick look at everything that's rumored for Apple's September event to give MacRumors readers a rundown on what to expect when the first fall event rolls around. iPhone 14 The iPhone 14 can probably be described more as an "iPhone 13S" because...
apple watch se

Apple Watch SE vs. Apple Watch Series 8: New Features to Expect If You've Waited to Upgrade

Monday August 15, 2022 2:44 am PDT by
The Apple Watch SE was announced in September 2020 and has been a popular Apple Watch model for customers looking for their first smartwatch or an affordable Apple Watch. Apple Watch SE customers may be wondering, however, what's in store for them with the upcoming Apple Watch Series 8 and what new features they can expect. Continue reading to find out. Apple Watch SE vs. Apple Watch Series ...
Apple Watch Series 3 v 8 1

Apple Watch Series 3 vs. Apple Watch Series 8: 20 Major New Features and Changes for Customers Upgrading

Tuesday August 16, 2022 6:52 am PDT by
It's crazy to think about, but next month will mark five years since Apple announced the Apple Watch Series 3. Despite being a severely antiquated smartwatch, the Series 3 has remained at the bottom of Apple's lineup for $199. Suppose you're still holding on to your Apple Watch Series 3. In that case, this article will list all the major new features and changes you'll get if you decide to...
iPhone 14 Pro Lineup Feature Purple

Apple Planning to Hold iPhone 14 Event on September 7

Wednesday August 17, 2022 9:51 am PDT by
Apple is aiming to hold its first fall event on Wednesday, September 7, reports Bloomberg's Mark Gurman. The event will focus on the iPhone 14 models and the Apple Watch Series 8. The standard iPhone 14 models are expected to get few changes, but the iPhone 14 Pro models will include updated camera technology, the removal of the notch in favor of a pill-shaped and hole-punch cutout, an A16...