Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability

Google Chrome Material Icon 450x450Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."

However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.

Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.

The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar's About Google Chrome option to upgrade their browser to the latest version as soon as possible.

Google Chrome for Mac is a free download available directly from Google's servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]

Top Rated Comments

techpr Avatar
20 months ago
I stopped using and uninstalled Chrome in 2020. Safari and Firefox for me.
Score: 3 Votes (Like | Disagree)
ian87w Avatar
20 months ago
Does this zero-day vulnerability only affect Chrome, or does it affect all Chromium based browsers?
Score: 2 Votes (Like | Disagree)
macdos Avatar
20 months ago
Always these "overflows", there's no end to it, it is just like Flash.

Code in apps and OSs should be rewritten from scratch with something else than C and derivatives, something that doesn't use "pointers", something that is tight from start.
Score: 2 Votes (Like | Disagree)
chucker23n1 Avatar
20 months ago

What about WebKit based browsers like Safari? Is the exploit something Google added since forking for Chromium, or is it something that was separately fixed already for WebKit?
If the bug is in V8, WebKit won't be affected because WebKit's JS engine was never V8. (Chrome choosing its own JS engine happened long before it forked WebKit to Blink.)

If the bug is outside V8, it is indeed possible that WebKit is affected.
Score: 1 Votes (Like | Disagree)
MysticCow Avatar
20 months ago

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
"We have discovered a bug where Apple's tracking option will cause Chrome to crash, so we are trying to disable it!"

Internet irony might be lost on this one.

Curious as to what others uses as a backup browsers to Safari? I'm looking to de-google thus Chrome is out, but need a Chromium browser for the occasional website where Safari doesn't place nice.
Firefox with uMatrix and Facebook Container. It works wonders to clear the tracking gunk.
Score: 1 Votes (Like | Disagree)
luvbug Avatar
20 months ago
The Brave browser has already updated the stable release to this latest Chrome build. Just FYI. Edit: "latest Chromium build", which tracks the Chrome build exactly, but excludes the closed-source bits.
Score: 1 Votes (Like | Disagree)

Related Stories

google iphone home screen

Google Basically Wants Your iPhone 13 Home Screen to Look Like Android

Tuesday September 28, 2021 5:59 am PDT by
In a new blog post titled "Bring the best of Google to your iPhone," Google is on an endeavor to convince new iPhone 13 users to transform their ‌device’s home screen to look like Android. The blog post, written by Google's director for the iOS platform, features screenshots of an iPhone 13 home screen filled with Google apps and widgets. The post implies that customers should possibly...
chrome 90

Chrome 90 Defaults to HTTPS, Adds AV1 Codec for Optimized Video Conferencing

Thursday April 15, 2021 1:09 am PDT by
Google today rolled out Chrome 90 to its stable channel, introducing automatic preference for HTTPS sites over the HTTP protocol, plus some other notable changes. By default, Chrome will now redirect all websites to use the more secure HTTPS protocol. Encrypted using Transport Layer Security (TLS), HTTPS secures communication over networks by authenticating the website and protecting the...
powerdir exploit microsoft

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Monday January 10, 2022 9:17 am PST by
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data. Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
iOs 15 Safari Feature

Google to Fix Bug That Disables Safari AMP Search Results on iOS 15 Devices

Wednesday October 6, 2021 2:55 pm PDT by
A bug in iOS 15 and iPadOS 15 is preventing Safari from loading AMP links for Google search results, but the issue is not intentional and Google is preparing a fix that's set to be released in the near future. Developer Jeff Johnson today published a blog post speculating on whether Google had intentionally disabled AMP links for Google search results in Safari on devices running iOS 15 (via ...
safari icon blue banner

macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

Thursday January 20, 2022 1:30 pm PST by
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities. As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
google one app

Google One Disappears From App Store a Day After VPN Launch [Update: Google One is Back in the App Store]

Wednesday February 2, 2022 12:01 pm PST by
The Google One app for iPhone and iPad appears to have mysteriously disappeared from the App Store this morning, and it is no longer available for download. As noted on Reddit, attempting to download the Google One app in the United States and Canada pops up an error message that says "App Not Available." It is not clear why the app has been removed from the App Store at this time, and...
Google Logo Feature Slack

Google I/O to Take Place in May, Will Once Again Be Online

Wednesday March 16, 2022 3:16 pm PDT by
Google today announced that its annual Google I/O developers conference is set to take place on Wednesday, May 11, and Thursday, May 12, about a month ahead of when we're expecting Apple to hold the annual Worldwide Developers Conference. Alphabet CEO Sundar Pichai shared the news this afternoon, and he said the event will be "live from Shoreline Amphitheatre," with the content available...
webkit vs chromium feature

Should Apple Continue to Ban Rival Browser Engines on iOS?

Friday February 25, 2022 7:39 am PST by
Apple requires all apps that browse the web in iOS and iPadOS to use its own browser engine, WebKit, but amid accusations of anti-competitive conduct, should it continue to effectively ban rival browser engines? Big tech has been gripped by accusations of anti-competitive conduct in recent times, with Chief Executive of the UK's Competition and Markets Authority (CMA) Andrea Coscelli...

Popular Stories

iPhone 14 Pro Purple Rear Flat MacRumors Exclusive

iPhone 14 Pro Predicted to Start With Increased 256GB Storage Alongside Rumored Price Increase

Wednesday August 10, 2022 11:14 am PDT by
Earlier today, analyst Ming-Chi Kuo claimed iPhone 14 Pro models will be more expensive than iPhone 13 Pro models. Kuo did not reveal exact pricing, but he said that the average selling price of all four iPhone 14 models will increase by about 15% overall. While higher prices would be disappointing for customers, it is possible the iPhone 14 Pro and iPhone 14 Pro Max will offer increased...
iOS 16 battery percentage

Apple Limiting iOS 16 Beta 5 Battery Percentage Display to Select iPhones: Here Are the Supported Devices

Tuesday August 9, 2022 2:51 am PDT by
Apple this week brought back one of the most highly requested features from iOS users since the launch of the iPhone X in 2017: the ability to see your battery percentage directly in the status bar. Ever since the launch of the iPhone X with the notch, Apple has not allowed users to show their battery percentage directly in the status bar, forcing them to swipe down into Control Center to...
iPhone 14 Pro Lineup Feature Silver

Kuo: Apple to Increase Prices of iPhone 14 Pro Models

Wednesday August 10, 2022 8:22 am PDT by
Apple plans to increase the prices of iPhone 14 Pro models compared to iPhone 13 Pro models, according to analyst Ming-Chi Kuo. Kuo did not reveal exact pricing for the iPhone 14 Pro models. However, in a tweet today, he estimated that the average selling price of the iPhone 14 lineup as a whole will increase by about 15% compared to the iPhone 13 lineup. In the United States, the iPhone...
ios 16 beta 5 battery percent

iOS 16 Beta 5: Battery Percentage Now Displayed in iPhone Status Bar

Monday August 8, 2022 10:43 am PDT by
With the fifth beta of iOS 16, Apple has updated the battery icon on iPhones with Face ID to display the specific battery percentage rather than just a visual representation of battery level. The new battery indicator is available on iPhone 12 and iPhone 13 models, with the exception of the 5.4-inch iPhone 12/13 mini. It is also available on the iPhone 11 Pro and Pro Max, XS and XS Max, and...
battery percentage ios 16

Here's Why the iPhone Battery Status Icon in iOS 16 Is So Controversial

Wednesday August 10, 2022 4:34 am PDT by
In the latest iOS 16 beta, Apple has updated the status bar battery icon on iPhones with Face ID to display the exact percentage remaining rather than just a visual representation of battery level, and while the change has been largely welcomed, some users are unhappy with the way it has been implemented. In iOS 15 and earlier, battery percent has not been present on iPhones that have...
iPhone 14 Pro Purple Front and Back MacRumors Exclusive feature

iPhone 14 Is Just a Few Weeks Away: Three Tips to Prepare for the New iPhone

Wednesday August 10, 2022 4:08 am PDT by
The launch of the new iPhone 14 is just a few weeks away, meaning millions of iPhone customers will soon upgrade their existing iPhone or perhaps get an iPhone for the first time. Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo Whether upgrading from an older model or this is your first iPhone, we've rounded up a few tips to help you prepare for the next flagship...
iPhone 14 Lineup Feature Purple

Color Options for All iPhone 14 Models: Everything We Know

Monday August 8, 2022 3:59 am PDT by
The iPhone 14 and iPhone 14 Pro models are rumored to be available in a refreshed range of color options, including an all-new purple color. Most expectations about the iPhone 14 lineup's color options come from an unverified post on Chinese social media site Weibo earlier this year. Overall, the iPhone 14 and iPhone 14 Pro's selection of color options could look fairly similar to those of the ...