A new zero-day vulnerability has been discovered in the popular web browser Chrome, with Google noting that the flaw is being exploited by malicious actors. Users should install the updated version of the browser containing the patch as soon as possible.
In traditional Chrome-team fashion, the techies maintaining the world’s most popular web browser for desktops are “delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux.”
“This will roll out over the coming days/weeks,” according to the announcement.
But this is not a feature-centric update. Far from it. Chrome 89.0.4389.72 is mostly a maintenance release, containing a “number of fixes and improvements,” all of which are available to Chromium fans in the official log.
Of those fixes and improvements, a considerable number are security fixes – 47 to be exact. And of those, one is for a high-severity bug that Google reckons is already being exploited by bad actors trying to compromise end users.
“Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild,” according to the announcement.
Reported by Alison Huffman of the Microsoft Browser Vulnerability Research team, CVE-2021-21166 deals with an “object lifecycle issue in audio” components of the browser. Google is keeping a lid on the technicalities. The vulnerability seems to be rooted in two separate bugs, both found by Huffman within a week.
In light of these developments, Chrome users should make updating a priority. To do that, just hit the three-dot button in the top right corner of your browser’s window, go to Settings, choose About Chrome from the sidebar on the left-hand side, and let Chrome fetch your update automatically (if you’re not already up to date). Hit ‘Relaunch’ and you’re done!
As always, keep all your apps and OSes up to date, especially when your vendor pushes out security fixes rated as high-severity or critical.
Stay safe out there!