Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability

Google Chrome Material Icon 450x450Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."

However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.

Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.

The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar's About Google Chrome option to upgrade their browser to the latest version as soon as possible.

Google Chrome for Mac is a free download available directly from Google's servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]

Popular Stories

New Things Your iPhone Can Do in iOS 18

10 New Things Your iPhone Can Do in iOS 18.2

Thursday October 31, 2024 9:42 am PDT by
Apple is set to release iOS 18.2 in December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls incoming as well. ...
best early black friday deals

The Best Early Black Friday Apple Deals

Friday November 1, 2024 8:21 am PDT by
We're officially in the month of Black Friday, which will take place on Friday, November 29 in 2024. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment,...
M4 Pro on Blue

M4 Pro Chip Benchmark Results Reveal an Extremely Impressive Performance Feat

Thursday October 31, 2024 7:06 pm PDT by
The first Geekbench 6 benchmark results for the M4 Pro chip surfaced today. Impressively, the results that are available so far show that the highest-end M4 Pro chip is faster than the highest-end M2 Ultra chip in terms of peak multi-core CPU performance. Here is a comparison of the results: Mac mini with M4 Pro (14-core CPU): 22,094 multi-core score (average of 11 results) Mac Studio...
Apple iPhone SE 4 5G Modem 1

iPhone SE 4 First to Get Apple-Designed 5G Modem, iPhone 17 Pro to Add Custom Wi-Fi 7 Chip

Friday November 1, 2024 4:04 am PDT by
The iPhone SE 4 that's set to come out early next year is expected to debut Apple's first in-house 5G modem, according to Jeff Pu, an analyst who covers companies within Apple's supply chain. In a research note this week with Hong Kong-based investment firm Haitong International Securities, Pu said Apple is expected to roll out its custom-made 5G modem starting with the next-generation...
ios 18 2 chatgpt plus

iOS 18.2 Beta 2 Shows Siri ChatGPT Limit, Offers 'Plus' Upgrade Option

Monday November 4, 2024 10:54 am PST by
With the second beta of iOS 18.2 that's available for developers today, Apple has further fleshed out the ChatGPT integration that's available with Siri. In the Settings app, there's now a section that shows the ChatGPT daily limit, and offers an option to upgrade to the paid ChatGPT Plus plan. The beta includes an Advanced Capabilities section with a "Daily Limit" reading that shows up as...
M3 Pro Max vs M4 Pro Max Feature

Here's How Much Faster M4 Pro/Max Are for Graphics vs. M3 Pro/Max

Friday November 1, 2024 8:04 am PDT by
Apple's new M4 Pro and M4 Max chips are impressively fast in terms of CPU performance, topping the M2 Ultra, but what about graphics performance? The first Geekbench 6 results for GPU performance are now available for the M4 Pro and M4 Max, and the Metal scores reveal some impressive year-over-year gains. Based on the Metal scores that are available so far, the M4 Pro and M4 Max are up to...
imac video apple feature

What to Expect From Apple This November

Friday November 1, 2024 9:40 am PDT by
After a busy October in which Apple announced new Macs and Apple Intelligence launched, the calendar has now turned to November. Below, we outline what to expect from Apple this month as the slower-but-still-busy holiday season approaches. After seeding the first betas of iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 with additional Apple Intelligence features last month, Apple will likely...

Top Rated Comments

techpr Avatar
49 months ago
I stopped using and uninstalled Chrome in 2020. Safari and Firefox for me.
Score: 3 Votes (Like | Disagree)
ian87w Avatar
49 months ago
Does this zero-day vulnerability only affect Chrome, or does it affect all Chromium based browsers?
Score: 2 Votes (Like | Disagree)
macdos Avatar
49 months ago
Always these "overflows", there's no end to it, it is just like Flash.

Code in apps and OSs should be rewritten from scratch with something else than C and derivatives, something that doesn't use "pointers", something that is tight from start.
Score: 2 Votes (Like | Disagree)
chucker23n1 Avatar
49 months ago

What about WebKit based browsers like Safari? Is the exploit something Google added since forking for Chromium, or is it something that was separately fixed already for WebKit?
If the bug is in V8, WebKit won't be affected because WebKit's JS engine was never V8. (Chrome choosing its own JS engine happened long before it forked WebKit to Blink.)

If the bug is outside V8, it is indeed possible that WebKit is affected.
Score: 1 Votes (Like | Disagree)
MysticCow Avatar
49 months ago

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
"We have discovered a bug where Apple's tracking option will cause Chrome to crash, so we are trying to disable it!"

Internet irony might be lost on this one.

Curious as to what others uses as a backup browsers to Safari? I'm looking to de-google thus Chrome is out, but need a Chromium browser for the occasional website where Safari doesn't place nice.
Firefox with uMatrix and Facebook Container. It works wonders to clear the tracking gunk.
Score: 1 Votes (Like | Disagree)
luvbug Avatar
49 months ago
The Brave browser has already updated the stable release to this latest Chrome build. Just FYI. Edit: "latest Chromium build", which tracks the Chrome build exactly, but excludes the closed-source bits.
Score: 1 Votes (Like | Disagree)