Update Google Chrome now to fix this dangerous zero-day flaw

News
By published

It's one of several high-priority security fixes for Chrome

Chrome VPN
(Image credit: Future)

It's time to update your Chrome desktop browser on Mac, Windows or Linux once again to fix a dangerous "zero-day" flaw that is already being used to attack computer users.

Few details are yet available about the zero-day flaw. Google's Chrome blog post yesterday (July 15) notes that it involves "type confusion in V8," the JavaScript rendering engine used by Chrome, and that "Google is aware of reports that an exploit for CVE-2021-30563 [the flaw's catalogue number] exists in the wild."

This is the eighth zero-day flaw patched in Chrome this year, according to Bleeping Computer

Earlier this week, Google researchers said a "commercial surveillance company" had developed exploits for two of the older Chrome zero-days and sold them to nation-state intelligence agencies. A day later, Microsoft  and the University of Toronto's Citizen Lab  identified the company as Israeli spyware firm Candiru and said its customers were in the Middle East and the former Soviet Union.

Chrome 91.0.4472.164 patches seven other flaws, two others of which involve vulnerabilities in V8. Most of the flaws are categorized as being "high" severity, indicating that remote-code-execution — hacking over the internet — is possible.

How to update Chrome

To update Chrome on Windows and Mac, try closing and relaunching your browser. If that doesn't work, click the three vertical dots at the top right of the browser window. Scroll down and mouse over Help, then click About Google Chrome. 

A new tab will open and let you know which version of Chrome you have — you want to be on version 91.0.4472.164 — and it will download the update if you need it. After that, simply relaunch the browser.

Most Linux distributions will update Chrome as part of their rolling update schedule, but you might have to fiddle with the software-repository settings to make sure your build reaches out to the Google update servers.

Updating other Chromium-based browsers is similar. In Brave, click the three vertical lines in the top right corner, then scroll down to and click About Brave in the Settings menu. In Microsoft Edge, click the three vertical dots in the top right corner, then scroll down to and mouse over Help and Feedback and click About Microsoft Edge. 

In Opera and Vivaldi, you click the browser icon on the top left, then scroll down to and mouse over Help and select About. 

As of this writing midday Friday (July 16) in New York, none of these other Chromium-based browsers had been updated to the latest version.

Brave uses the same version-numbering system as Chrome and Chromium. Opera and Vivaldi use their own systems, but the Chromium build number is visible on the About pages under User Agent. In Edge, type "edge://version/" into the address bar and hit Enter or Return to see the the Chromium build number under User Agent.

Recent Chrome updates

Here's a list of the most recent Chrome updates so you can check to see if your browser is up to date. 

Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.