Australia markets closed
  • ALL ORDS

    6,925.70
    -74.90 (-1.07%)
     
  • ASX 200

    6,693.80
    -66.90 (-0.99%)
     
  • AUD/USD

    0.7709
    -0.0011 (-0.14%)
     
  • OIL

    64.35
    +0.52 (+0.81%)
     
  • GOLD

    1,689.90
    -10.80 (-0.64%)
     
  • BTC-AUD

    61,015.17
    -3,720.41 (-5.75%)
     
  • CMC Crypto 200

    939.35
    -47.86 (-4.85%)
     
  • AUD/EUR

    0.6442
    -0.0001 (-0.02%)
     
  • AUD/NZD

    1.0754
    +0.0017 (+0.16%)
     
  • NZX 50

    12,180.25
    -44.25 (-0.36%)
     
  • NASDAQ

    12,464.00
    -219.33 (-1.73%)
     
  • FTSE

    6,650.88
    -24.59 (-0.37%)
     
  • Dow Jones

    30,924.14
    -345.95 (-1.11%)
     
  • DAX

    14,056.34
    -23.69 (-0.17%)
     
  • Hang Seng

    29,043.40
    -193.39 (-0.66%)
     
  • NIKKEI 225

    28,638.42
    -291.69 (-1.01%)
     

Chrome 88 update patches a zero-day that is being actively exploited

Richard Lawler
·Senior News Editor
·2-min read

Google Chrome’s autoupdate feature means we don’t usually need to think about being on the latest version, but occasionally users will want to take a break and make sure they’re upgraded — this is one of those days. The version of Chrome 88 rolling out now for Windows, Mac and Linux (88.0.4324.150) addresses one item, but it’s a big one.

According to a blog post, security researcher Mattias Buelens reported a vulnerability in Chrome’s WebAssembly and JavaScript engine V8, which could allow an attacker to execute code on a victim’s computer. Google didn’t go into detail about the problem, tagged CVE-2021-21148, but said it’s aware of reports the bug is already being exploited in the wild, so update immediately.

In a note, Google said “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” As a result we don’t know what exploit this is tied to, but ZDNet notes the timing puts it close to revelations about a campaign carried out by North Korean hackers that targeted security researchers, which may have relied on zero-day exploits in Chrome and Internet Explorer.

Regardless of where or how the bug is being exploited, you’ll still want to update your browser (and keep an eye out for fixes to other potentially affected software, like other Chromium-based browser) right away. As ZDNet and BleepingComputer noted, this occasionally happens. A notable fix in 2019 required a restart to for the fix to take effect, and there was a stretch last fall where, in one month, Google addressed five zero-days that were being actively exploited.