Google released the latest version of the its Chrome web browser yesterday (88.0.4324.150), and Chrome 88 is a very important update all users should grab immediately.
As ZDNet reports, Chrome 88 fixes a zero-day vulnerability known as CVE-2021-21148. It was reported by security researcher Mattias Buelens back on Jan. 24, but Google discovered it was being exploited by hackers before the vulnerability could be patched out of the browser.
The exploit allowed Chrome users to be targeted and malicious code run on their systems thanks to a memory corruption problem in Google’s V8 JavaScript engine, which forms part of the Chrome browser. Although Google hasn’t confirmed it, the exploit is thought to be what allowed security researchers to be targeted by North Korean hackers on social media last month. Microsoft Threat Intelligence Center attributed the targeted campaign to ZINC, “a DPRK-affiliated and state-sponsored group.”
If you haven’t updated to Chrome 88 then your browser remains susceptible to the exploit. If you want evidence of how serious of a vulnerability it is, Google is restricting access to the bug details “until a majority of users are updated with a fix.”
Chrome should update automatically, but you can manually trigger an update by clicking “More” in the top right corner of the browser. Then click “Update Google Chrome” if it’s available to click, if not, then you’re up-to-date. Once the update is installed, a browser relaunch will most likely be required.