You Need to Update Chrome Right Now

Illustration for article titled You Need to Update Chrome Right Now
Photo: Jeff Chiu (AP)

If you use Google Chrome, you need to stop reading this and update your browser this very second.

Google on Thursday released the latest update to its popular browser (version 88.0.4324.150), which patches a critical zero-day vulnerability that hackers have already exploited.

To check for Chrome updates, click on Chrome in the menu, then About Google Chrome, or simply put chrome://settings/help in the address bar.

Advertisement

A zero-day vulnerability is, basically, an exploitable flaw that the software maker doesn’t know about and thus cannot issue a patch. In this case, Google said, the vulnerability was a “heap buffer overflow” flaw in the V8 JavaScript engine, which powers Chrome.

Google said the vulnerability, dubbed “CVE-2021-21148,” was reported to the company on Jan. 24 by software developer Mattias Buelens. “Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the company said.

While Google didn’t expand on what those “reports” are, the day after Buelens filed the bug report, Google’s Threat Analysis Group published a report detailing a campaign by what they believe were North Korean nation-state hackers against a slew of cybersecurity professionals. Three days later, on Jan. 28, Microsoft security researchers published their own report, further detailing the hacking campaign by the hacking group, which they dubbed “ZINC” and is also known as “Lazarus.”

Advertisement

Hopefully, the new Chrome patch locks out those hackers and anyone else who knew about the CVE-2021-21148 zero-day. (Again, it’s possible they exploited a different vulnerability, but the timing of all these reports suggest they’re connected.) Regardless, Chrome users should make sure to update the browser immediately.

Deputy Editor, Gizmodo

Share This Story

Get our `newsletter`

DISCUSSION

If you use Google Chrome, you need to stop reading this and update your browser this very second.

But I had to read to the end to learn how to update my browser.