Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability

Google Chrome Material Icon 450x450Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."

However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.

Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.

The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar's About Google Chrome option to upgrade their browser to the latest version as soon as possible.

Google Chrome for Mac is a free download available directly from Google's servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]

Top Rated Comments

techpr Avatar
13 months ago
I stopped using and uninstalled Chrome in 2020. Safari and Firefox for me.
Score: 3 Votes (Like | Disagree)
ian87w Avatar
13 months ago
Does this zero-day vulnerability only affect Chrome, or does it affect all Chromium based browsers?
Score: 2 Votes (Like | Disagree)
macdos Avatar
13 months ago
Always these "overflows", there's no end to it, it is just like Flash.

Code in apps and OSs should be rewritten from scratch with something else than C and derivatives, something that doesn't use "pointers", something that is tight from start.
Score: 2 Votes (Like | Disagree)
chucker23n1 Avatar
13 months ago

What about WebKit based browsers like Safari? Is the exploit something Google added since forking for Chromium, or is it something that was separately fixed already for WebKit?
If the bug is in V8, WebKit won't be affected because WebKit's JS engine was never V8. (Chrome choosing its own JS engine happened long before it forked WebKit to Blink.)

If the bug is outside V8, it is indeed possible that WebKit is affected.
Score: 1 Votes (Like | Disagree)
MysticCow Avatar
13 months ago

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
"We have discovered a bug where Apple's tracking option will cause Chrome to crash, so we are trying to disable it!"

Internet irony might be lost on this one.

Curious as to what others uses as a backup browsers to Safari? I'm looking to de-google thus Chrome is out, but need a Chromium browser for the occasional website where Safari doesn't place nice.
Firefox with uMatrix and Facebook Container. It works wonders to clear the tracking gunk.
Score: 1 Votes (Like | Disagree)
luvbug Avatar
13 months ago
The Brave browser has already updated the stable release to this latest Chrome build. Just FYI. Edit: "latest Chromium build", which tracks the Chrome build exactly, but excludes the closed-source bits.
Score: 1 Votes (Like | Disagree)

Related Stories

google chrome macos big sur

Chrome Used 10X More RAM Than Safari on macOS Big Sur in Recent Test [Updated]

Saturday February 20, 2021 12:52 pm PST by
Under normal and lightweight web browsing, Google Chrome uses 10x more RAM than Safari on macOS Big Sur, according to a test conducted by Flotato creator Morten Just (via iMore). In a blog post, Just outlines that he put both browsers to the test in two scenarios on the latest version of macOS. The first test was conducted on a virtual machine, and the second on a 2019 16-inch MacBook Pro...
Google Chrome Material Icon 450x450

Judge Rules Google Must Face Lawsuit Alleging Chrome Tracks Users in Incognito Mode

Sunday March 14, 2021 6:19 am PDT by
A judge in California has ruled that Google must face a class action lawsuit alleging that it secretly tracks the online activity of Chrome users even when they're using the browser in its privacy-oriented Incognito mode (via Bloomberg). The lawsuit was filed in June by three plaintiffs alleging that Google hoovers up user data through Google Analytics, Google Ad Manager and other applications ...
chrome 90

Chrome 90 Defaults to HTTPS, Adds AV1 Codec for Optimized Video Conferencing

Thursday April 15, 2021 1:09 am PDT by
Google today rolled out Chrome 90 to its stable channel, introducing automatic preference for HTTPS sites over the HTTP protocol, plus some other notable changes. By default, Chrome will now redirect all websites to use the more secure HTTPS protocol. Encrypted using Transport Layer Security (TLS), HTTPS secures communication over networks by authenticating the website and protecting the...
XcodeGhost Featured1

'XcodeGhost' Malware Attack in 2015 Impacted 128 Million iOS Users, According to Trial Documents

Friday May 7, 2021 12:55 pm PDT by
Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the App Store review team. There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the ...
chrome widget

Chrome for iOS Gains Widget Support With Version 90 Release

Monday May 10, 2021 1:14 pm PDT by
Google today introduced Chrome 90 for iPhones, iPads, and the iPod touch, adding support for new Search and Dino widgets on devices running a version of iOS 14. There are three separate Chrome widgets available. There's a two tile search interface that lets you conduct a quick search with quick access to voice search and incognito mode, a single tile search widget, and a shortcut to play the ...
chrome beta incognito authentication

Google Chrome Beta on iOS Lets You Lock Incognito Tabs With Face ID

Thursday February 11, 2021 1:30 pm PST by
Google is testing a new feature for its Google Chrome app for iOS, which will let Incognito tabs be locked with either Face ID or Touch ID on an iPhone or iPad. As highlighted by 9to5Google, the latest Chrome beta will blur Incognito tabs in the Chrome app until confirmed with the iPhone's biometric authentication. The feature can be enabled by going to Settings > Privacy > Lock Incognito ...
Android 12 vs iOS 14 Feature

Google Previews Android 12 With Deeper Customization and iOS 14-Inspired Privacy Protections

Tuesday May 18, 2021 1:15 pm PDT by
During its Google I/O developers conference today, Google previewed Android 12, the next version of Android that will ship to millions of Android devices around the world later this year. Google is mainly targeting customization as the theme for this year's new release and a new design language that it's calling "Material You." Google says this new design language brings a "humanistic...
speedometer benchmark chrome

Chrome for M1 Macs Runs Up to 80% Faster Than Rosetta 2 Version

Friday November 20, 2020 11:32 am PST by
Google earlier this week released a version of Chrome designed specifically for Apple's M1 Macs, and those with a new MacBook Air, MacBook Pro, or Mac mini will want to download the Apple Silicon specific version of Chrome because it's going to run faster than the x86 version working through Rosetta 2. Following the release of the M1 version of Chrome, Ars Technica did a series of benchmarks ...

Popular Stories

maxresdefault

Review: M1 Max MacBook Pro After Three Months

Wednesday January 19, 2022 11:30 am PST by
It's now been a few months since the M1 Pro and M1 Max MacBook Pro models launched in October, and MacRumors video editor Dan Barbera has been using one of the new machines since they debuted. Over on the MacRumors YouTube channel, Dan has shared a three month review of his MacBook Pro to see how it has held up over time and how it's changed his workflow. Subscribe to the MacRumors YouTube ...
airpodsinear 1

AirPods Save Woman's Life With Feature Everyone Should Know

Friday January 21, 2022 2:13 am PST by
Apple's AirPods have been credited with saving a woman's life after a potentially fatal fall, People reports. When a 60-year-old florist in New Jersey tripped and hit her head in her studio, she lost consciousness and awoke heavily bleeding. With nobody around to call for help, she realized she had her AirPods in, and used a "Hey Siri" command to call 911. An operator was able to stay on the ...
iphone se 2020 top

New iPhone SE Likely to Launch in April Based on Production Timeframe

Wednesday January 19, 2022 6:44 am PST by
Apple suppliers will begin producing display panels for the third-generation iPhone SE this month, with final assembly of the device likely to start in March, according to information shared by display industry consultant Ross Young. Based on this production timeframe, Young believes the third-generation iPhone SE is likely to launch in the second half of April, or perhaps in early May at...
iphone 13 earpods

Apple to Stop Including EarPods With Every iPhone Sold in France From Next Week

Friday January 21, 2022 3:21 am PST by
Apple will no longer include EarPods with every iPhone sold in France, starting on January 24, according to a notice posted by a French carrier (via iGeneration). Apple was previously required to include EarPods in the box with the iPhone due to a French law that required every smartphone sold in the country to come with a "handsfree kit," but the law has now been changed in favor of reducing the ...
Spring 2022 Apple Products Feature

New iPad Air, Macs, and iPhone SE With 5G Likely to Be Announced at Apple Event This Spring

Thursday January 20, 2022 8:32 am PST by
Earlier this week, Bloomberg's Mark Gurman tweeted that Apple "will be holding a spring event" to announce a new iPhone SE and other hardware. In a recent edition of his newsletter, Gurman said the event is likely to occur in March or April. Gurman did not elaborate on what "other hardware" will be announced at Apple's purported spring event, but rumors suggest at least four products are...
appleeducation

Apple's US Education Store Now Requires Institution Verification to Buy Discounted Products

Wednesday January 19, 2022 2:22 am PST by
Apple is now requiring that customers in the United States verify that they're active students, teachers, or staff members at an educational institution in order to access education discounts on products. Previously, little verification was needed for customers to purchase products through Apple's education store in the United States. Apple's education stores offer models of the iPad and Mac ...
AirPods 3 New Firmware Feature

Apple Updates AirPods 3 Firmware to Version 4C170

Tuesday January 18, 2022 11:46 am PST by
Apple today released a new 4C170 firmware update for the AirPods 3, an update from the prior 4C165 that was made available in December. Apple does not offer details on what's included in new firmware updates for the AirPods‌, so we don't know what improvements or bug fixes the new firmware brings. There is no standard way to upgrade the ‌AirPods‌‌ software, but firmware is...
appleprivacyad cleaned

iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

Thursday January 20, 2022 3:32 am PST by
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update. With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
apple watch series 7 aluminum colors yellowbg

Apple Watch Charging Bug Fixed in watchOS 8.4 Release Candidate

Thursday January 20, 2022 4:01 pm PST by
The watchOS 8.4 release candidate that was seeded to developers and beta testers this morning addresses an ongoing bug that could cause some Apple Watch chargers not to work properly with the Apple Watch. Back in December, we reported on a growing number of charging issues that Apple Watch Series 7 owners were facing. Since watchOS 8.3, there have been a number of complaints about...