If You Use Google Chrome, Urgently Update It
A dangerous vulnerability has been discovered in Google Chrome that is already being exploited by hackers. Experts from Kaspersky advise updating the browser as soon as possible to version 88.0.4324.150, which fixes this vulnerability.
The critical vulnerability CVE-2021-21148 exists in all versions of Google Chrome for personal computers on all major operating systems, including Windows, macOS, and Linux. According to current information, this vulnerability allows attackers to perform a heap overflow attack, through which they can execute arbitrary code on the victim's computer.
To successfully exploit this vulnerability, attackers only need to create a specific web page and trick the victim into visiting it. As a result, they can take control of the affected system.
The vulnerability affects the V8 JavaScript engine used in the browser. Google became aware of this vulnerability on January 24 from researcher Matthias Buelens and released a patch on February 4. Unknown hackers are actively exploiting CVE-2021-21148 for attacks, according to the company’s experts, who note that, as always, Google is hesitant to disclose details until a significant portion of Chrome users have updated their browsers. This is understandable, as otherwise the number of attackers exploiting the vulnerability could increase.
To protect against CVE-2021-21148 in Google Chrome:
- Update Chrome immediately on all computers. To do this, click the three dots in the upper right corner of the browser and go to Settings -> About Chrome. The browser should then update automatically.
- Be sure to restart the browser for the updates to take effect; it's better to do this right away. Don’t delay the restart due to concerns about losing necessary tabs, as modern versions of Chrome usually restore tabs accurately after restarting.
- If the version number 88.0.4324.150 is visible in the Settings -> About Chrome window, then the browser has already been updated, and the CVE-2021-21148 vulnerability is no longer a threat.
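When many machines have to be checked rather than one, the version comparison from the last step can be scripted. The following is an added example, not part of the original article: the host names and version outputs are constructed, the input is assumed to be the text printed by `google-chrome --version`, and any version at or above 88.0.4324.150 is assumed to retain the fix.

```python
import re

# Fixed version named in the article.
FIXED = (88, 0, 4324, 150)

# Matches a four-part Chrome version, e.g. in "Google Chrome 88.0.4324.150".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the Chrome version found in `text` as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text):
    """True if at or above FIXED, False if older, None if no version was found."""
    v = parse_version(text)
    return None if v is None else v >= FIXED


def triage(inventory):
    """Split {host: version_output} into hosts needing an update and unknowns."""
    needs_update, unknown = [], []
    for host, output in sorted(inventory.items()):
        status = is_patched(output)
        if status is None:
            unknown.append(host)      # no readable version: check by hand
        elif not status:
            needs_update.append(host)
    return needs_update, unknown


# Constructed sample inventory (hypothetical hosts and outputs).
SAMPLE = {
    "ws-01": "Google Chrome 88.0.4324.150",
    "ws-02": "Google Chrome 88.0.4324.96",   # older, yet sorts higher as a string
    "ws-03": "Google Chrome 87.0.4280.141",
    "ws-04": "Google Chrome 89.0.4389.72",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    needs_update, unknown = triage(SAMPLE)
    print("needs update:", needs_update)
    print("version unknown:", unknown)
```

The version is compared as a tuple of integers because a plain string comparison ranks 88.0.4324.96 above 88.0.4324.150 and would report an unpatched browser as fixed.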