Google Chrome update patches this major security issue
CVE-2021-21148 is a high severity vulnerability for Google Chrome
Google has released a new update for its Chrome web browser – and this one contains an important security patch. The vulnerability, being tracked as CVE-2021-21148, is reportedly already being exploited in the wild.
The tech firm did not go into much detail about the security flaw in order to avoid alerting other threat actors of the vulnerability. Google also withheld information in case third-party applications were suffering from the same flaw but did not have patches ready for deployment.
The search engine giant did reveal, however, that the bug has been given a severity ranking of “high” and was a heap buffer overflow memory corruption bug found affecting the V8 JavaScript engine. The vulnerability was discovered by security researcher Mattias Buelens, underlining the importance of bug discovery programs for maintaining a secure online environment.
- We've built a list of the best malware removal solutions
- Check out our roundup of the best endpoint protection
- Also, see our list of the best identity theft protection tools
The cleanup continues
Although Chrome’s auto-update feature will deliver the newly patched version of the browser (88.0.4324.150) direct to users, sometimes there can be delays if individuals do not restart Chrome or their computer regularly. Given the severity of this particular vulnerability, it’s probably a good idea to make sure that this update is installed pretty soon.
The lack of detail means that it is unclear which exploits Google has identified involving this vulnerability but ZDNet notes that shortly after Buelens reported on the flaw, Microsoft highlighted a cyberattack by North Korean hackers that it believed leveraged a Chrome zero-day. Therefore, some cybersecurity researchers are drawing connections between the two events.
Chrome’s security teams have certainly been busy of late, with plenty of vulnerabilities being discovered. As well as offering patches for other zero-day bugs, Google has also been working hard to remove malicious extensions from its Web Store as they can allow threat actors to infect unsuspecting users with malware.
- We've also highlighted the best antivirus services around today
Via Engadget
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.