Google released the latest version of its Chrome web browser yesterday (Version 88.0.4324.150). The update is rolling out now across Windows, Mac, and Linux.
It’s more important than usual to update to ensure you’re running the latest version of Chrome.
The update fixes a vulnerability which the search giant says is actively being exploited in the wild. As ZDNet reports, Chrome 88 fixes a zero-day vulnerability known as CVE-2021-21148. While there isn’t yet a lot of information on the vulnerability, we do know (thanks to ZDNet) that the date Google says the bug was reported on (January 24th) is just one day before Google’s Threat Analysis Group publicly disclosed a hacking campaign that appeared to be relying, in part, on an unpatched vulnerability in Chrome. And although Google hasn’t confirmed it, the exploit is thought to be what allowed security researchers to be targeted by North Korean hackers on social media last month. Microsoft Threat Intelligence Center attributed the targeted campaign to ZINC, “a DPRK-affiliated and state-sponsored group.”
If you haven’t yet updated to Chrome 88, then your browser remains susceptible to the exploit. If you want evidence of how serious of a vulnerability it is, Google is restricting access to the bug details “until a majority of users are updated with a fix.” A little seedy? Yes.
Although the browser’s update process is basically automatic, you can manually trigger an update in the “About Google Chrome” menu. If it’s available, click Update Google Chrome; if not, then you’re up-to-date. Once the update is installed, the browser will relaunch and you’re good to go.