Google Chrome retains an iron grip on the web browser market share with well over two billion users. Unfortunately, all those users need to be on high alert because Google has just issued its second urgent upgrade warning in a week.
In an official blog post, Google has confirmed that a new ‘zero-day’ exploit has been found in Chrome after an anonymous tip-off. Most security flaws are discovered and patched before they get out into the wild, but a zero-day classification means the vulnerability is known to hackers and actively being exploited.
Little is known about the vulnerability (CVE-2021-30554) other than it being found in WebGL, a JavaScript API for rendering. It is standard practice for Google to keep zero-day details to a minimum to buy Chrome users more time to upgrade. “Google is aware that an exploit for CVE-2021-30554 exists in the wild,” is all Chrome technical program manager Srinivas Sista has said.
To combat this threat, Chrome users should immediately go to Settings > Help > About Google Chrome. If your browser version on Linux, macOS, and Windows is listed as 91.0.4472.114 or above you are safe. If not, manually check for updates and restart the browser once the update is ready. Google also confirmed that three other ‘High’ level threats are patched in this version of Chrome.
Google will soon enforce the use of two-step verification for Google accounts
CVE-2021-30554 is the seventh zero-day vulnerability found in Chrome since the turn of the year and the second in a week. Google typically does a fine job releasing fixes quickly but their effectiveness is also determined by the speed with which Chrome users update their browsers.
Chrome users would also be wise to be extra vigilant at this time. Speaking to BleepingComputer last week, security vendor Kaspersky warned that a new group of hackers calling themselves ‘PuzzleMaker’ have been successful in chaining together Chrome zero-day bugs to install malware on Windows systems. Microsoft itself issued an urgent security warning for Windows users about this last week.
Right now, it appears to be high season for Chrome hackers so stay alert and make sure both your browser and operating system security are kept up to date.
Source: Forbes