Google issues warning for 2 billion Chrome users
/https://specials-images.forbesimg.com/imageserve/60c4a04f4d6e8e7e4988ace2/0x0.jpg?cropX1=310&cropX2=3016&cropY1=485&cropY2=2007)
Google Chrome continues to dominate the web browser market with over two billion users worldwide. The flip side is that it also dominates the attention of hackers, forcing Google to issue its third urgent upgrade warning in a month.
Google urged Chrome worldwide to upgrade after discovering serious “zero day” … [+]
LightRocket via Getty Images
In an official blog post, Google revealed that a new zero-day exploit (CVE-2021-30563) was discovered in Chrome and, like the previous attack, it follows anonymous information. Unlike the majority of security vulnerabilities, a zero-day classification means that the exploit was made public before the company could fix it. Writing on his blog, Google confirmed that it “is aware of reports that an exploit for CVE-2021-30563 exists in the wild.”
Little is known about the exploit other than Google’s categorization that it is “type confusion in V8” – which is the open source JavaScript engine at the heart of Chrome. Such secrecy is standard for zero-day bugs, as Google tries to minimize the spread of hackers before Chrome users have a chance to upgrade and protect themselves.
To combat this new threat, all Chrome users need to access Settings> Help> About Google Chrome. If your browser version on Linux, macOS, and Windows is listed as 91.0.4472.164 or higher, you’re already safe. Otherwise, manually check for updates, then restart the browser after the update is ready. Google has also confirmed that six other “high” level threats are corrected in this version of Chrome, as well as a single “medium” vulnerability.
CVE-2021-30563 is the eighth zero-day vulnerability found in Chrome this year and the third in a month. It is to Google’s credit that it typically releases fixes for zero-day attacks within days, but their effectiveness is ultimately determined by how quickly Chrome users update their browsers.
Attacks on Chrome have been particularly prevalent in recent months, especially from a group of hackers calling themselves PuzzleMaker. The group managed to string together Chrome’s Zero Day bugs to install malware on Windows systems. Microsoft itself issued an urgent security warning to Windows users about this in June.
As it stands, Chrome users would do well to watch for updates and make sure your browser and operating system are up to date.
___
Follow Gordon on Facebook
More on Forbes
Google Confirms 7th Chrome Zero Day Vulnerability, Upgrade Now
Chrome’s ‘Zero Day’ Exploit Revealed, Google Pushes Urgent Upgrade