Update Google Chrome now — important zero-day flaw exposed

Update Google Chrome now — important zero-twenty-four hour period flaw exposed

(Image credit: Shutterstock)

Google has pushed out a new version of Chrome for Windows, macOS and Linux to patch a goose egg-twenty-four hours flaw that is existence actively exploited in the wild.

The update takes Chrome to version number 88.0.4324.150. You tin bank check where your Chrome installation is past going to Settings (the iii stacked dots in the upper right corner) > Assistance > Nigh Google Chrome. Opening that page will forcefulness Chrome to update if information technology hasn't already.

Google Chrome on Android but got an upgrade iPhone users accept had for years
Chrome vs. Firefox vs. Microsoft Edge: Which browser uses the most RAM?
Plus: Beware links to Discord'southward website — it could be malware

Other browsers that share Chrome'south code may not have caught up still. At the time of this writing, Brave was still stuck on the previous version. Microsoft Edge had an update set up, just because its version-numbering scheme is dissimilar, we can't quite tell if it fixes the Chrome flaw.

Google didn't provide many details about the flaw existence fixed in its Chrome release bulletin, only did say it addresses a "heap buffer overflow in V8," Chrome's JavaScript engine. That means the flaw lets a process overflow the memory limitations for JavaScript processes and then inject code into them.

The flaw has been given the catalog number CVE-2021-21148, and Google said information technology was "aware of reports that an exploit ... exists in the wild."

The flaw was reported to Google by an independent security researcher named Mattias Buelens on Jan. 24. That was the mean solar day before Google disclosed a North Korean espionage entrada confronting security researchers that used flaws in Chrome and Cyberspace Explorer, so there may exist some connection.

Paul Wagenseil is a senior editor at Tom'southward Guide focused on security and privacy. He has besides been a dishwasher, fry cook, long-haul commuter, code monkey and video editor. He's been rooting around in the data-security space for more 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and fifty-fifty moderated a panel word at the CEDIA dwelling house-technology conference. You can follow his rants on Twitter at @snd_wagenseil.