Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability
Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.
Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.
Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.
The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar's About Google Chrome option to upgrade their browser to the latest version as soon as possible.
Google Chrome for Mac is a free download available directly from Google's servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]
Related Stories
Saturday February 20, 2021 12:52 pm PST by
Sami FathiUnder normal and lightweight web browsing, Google Chrome uses 10x more RAM than Safari on macOS Big Sur, according to a test conducted by Flotato creator Morten Just (via iMore).
In a blog post, Just outlines that he put both browsers to the test in two scenarios on the latest version of macOS. The first test was conducted on a virtual machine, and the second on a 2019 16-inch MacBook Pro...
A judge in California has ruled that Google must face a class action lawsuit alleging that it secretly tracks the online activity of Chrome users even when they're using the browser in its privacy-oriented Incognito mode (via Bloomberg).
The lawsuit was filed in June by three plaintiffs alleging that Google hoovers up user data through Google Analytics, Google Ad Manager and other applications ...
Google today rolled out Chrome 90 to its stable channel, introducing automatic preference for HTTPS sites over the HTTP protocol, plus some other notable changes. By default, Chrome will now redirect all websites to use the more secure HTTPS protocol. Encrypted using Transport Layer Security (TLS), HTTPS secures communication over networks by authenticating the website and protecting the...
Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the App Store review team.
There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the ...
Google today introduced Chrome 90 for iPhones, iPads, and the iPod touch, adding support for new Search and Dino widgets on devices running a version of iOS 14.
There are three separate Chrome widgets available. There's a two tile search interface that lets you conduct a quick search with quick access to voice search and incognito mode, a single tile search widget, and a shortcut to play the ...
Google is testing a new feature for its Google Chrome app for iOS, which will let Incognito tabs be locked with either Face ID or Touch ID on an iPhone or iPad.
As highlighted by 9to5Google, the latest Chrome beta will blur Incognito tabs in the Chrome app until confirmed with the iPhone's biometric authentication.
The feature can be enabled by going to Settings > Privacy > Lock Incognito ...
During its Google I/O developers conference today, Google previewed Android 12, the next version of Android that will ship to millions of Android devices around the world later this year. Google is mainly targeting customization as the theme for this year's new release and a new design language that it's calling "Material You." Google says this new design language brings a "humanistic...
Google earlier this week released a version of Chrome designed specifically for Apple's M1 Macs, and those with a new MacBook Air, MacBook Pro, or Mac mini will want to download the Apple Silicon specific version of Chrome because it's going to run faster than the x86 version working through Rosetta 2.
Following the release of the M1 version of Chrome, Ars Technica did a series of benchmarks ...
Google today rolled out its live caption transcription feature to version 89 of Chrome browser for desktop, as first spotted by XDA Developers. Previously only available on some Pixel and Samsung phones, Live Captions uses machine learning to create a real-time transcription for videos or audio played through the browser, making online media more accessible for members of the Deaf community ...
With Apple Silicon Macs now out in the wild and in the hands of customers, Google has developed a new version of Chrome that's designed for the machines. Chrome 87, released today, comes in a version that's optimized for Apple Silicon.
As noted on by the Chrome team on Twitter, the rollout of the feature has hit a "snag" and it has been temporarily paused for the time being.
Chrome for...
Top Rated Comments
Code in apps and OSs should be rewritten from scratch with something else than C and derivatives, something that doesn't use "pointers", something that is tight from start.
If the bug is outside V8, it is indeed possible that WebKit is affected.
Internet irony might be lost on this one.
Firefox with uMatrix and Facebook Container. It works wonders to clear the tracking gunk.