Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability
Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.
Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.
Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.
The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar's About Google Chrome option to upgrade their browser to the latest version as soon as possible.
Google Chrome for Mac is a free download available directly from Google's servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]
Related Stories
Tuesday September 28, 2021 5:59 am PDT by
Sami FathiIn a new blog post titled "Bring the best of Google to your iPhone," Google is on an endeavor to convince new iPhone 13 users to transform their device’s home screen to look like Android.
The blog post, written by Google's director for the iOS platform, features screenshots of an iPhone 13 home screen filled with Google apps and widgets. The post implies that customers should possibly...
Google today rolled out Chrome 90 to its stable channel, introducing automatic preference for HTTPS sites over the HTTP protocol, plus some other notable changes. By default, Chrome will now redirect all websites to use the more secure HTTPS protocol. Encrypted using Transport Layer Security (TLS), HTTPS secures communication over networks by authenticating the website and protecting the...
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
A bug in iOS 15 and iPadOS 15 is preventing Safari from loading AMP links for Google search results, but the issue is not intentional and Google is preparing a fix that's set to be released in the near future.
Developer Jeff Johnson today published a blog post speculating on whether Google had intentionally disabled AMP links for Google search results in Safari on devices running iOS 15 (via ...
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
The Google One app for iPhone and iPad appears to have mysteriously disappeared from the App Store this morning, and it is no longer available for download.
As noted on Reddit, attempting to download the Google One app in the United States and Canada pops up an error message that says "App Not Available."
It is not clear why the app has been removed from the App Store at this time, and...
Google today announced that its annual Google I/O developers conference is set to take place on Wednesday, May 11, and Thursday, May 12, about a month ahead of when we're expecting Apple to hold the annual Worldwide Developers Conference.
Alphabet CEO Sundar Pichai shared the news this afternoon, and he said the event will be "live from Shoreline Amphitheatre," with the content available...
Apple requires all apps that browse the web in iOS and iPadOS to use its own browser engine, WebKit, but amid accusations of anti-competitive conduct, should it continue to effectively ban rival browser engines?
Big tech has been gripped by accusations of anti-competitive conduct in recent times, with Chief Executive of the UK's Competition and Markets Authority (CMA) Andrea Coscelli...
Popular Stories
The standard 41mm and 45mm models of the Apple Watch Series 8 will feature the same design as the Apple Watch Series 7, according to Twitter user @ShrimpApplePro, who was first to reveal that iPhone 14 Pro models would feature a new pill-and-hole display.
Titanium will not be an option for the standard Apple Watch Series 8 models either, according to @ShrimpApplePro, but Bloomberg's Mark...
Apple has "started to record" its virtual September event, where it's expected to announce the upcoming iPhone 14 lineup, the Apple Watch Series 8, and a new "rugged" Apple Watch model, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman says the event, which is expected to take place in the early part of September, is already under production, implying...
With August upon us, the countdown is officially on. We're just weeks away from when we're expecting Apple to announce the iPhone 14 lineup. Rumors of the next iPhone start early in the year, and as a result, some details about the upcoming device sometimes get lost in the crowd.
Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo To help MacRumors readers, we've created a ...
You've probably experienced visiting a website like Reddit or LinkedIn on your iPhone only to be greeted with an annoying, almost full-screen pop-up urging you to view the content in their app instead of on the website.
It's a common practice for websites that have accompanying iOS apps to push users to open (if they already have the app installed) or download their app from the App Store to ...
The big Apple news this week was word that the upcoming iPadOS 16 update apparently won't be arriving alongside its counterpart update for the iPhone in September, largely due to a need to continue refining the new Stage Manager multitasking feature.
Other popular stories this week included more hints about the iPhone 14 Pro's rumored always-on display, potential design leaks for the...
Top Rated Comments
Code in apps and OSs should be rewritten from scratch with something else than C and derivatives, something that doesn't use "pointers", something that is tight from start.
If the bug is outside V8, it is indeed possible that WebKit is affected.
Internet irony might be lost on this one.
Firefox with uMatrix and Facebook Container. It works wonders to clear the tracking gunk.