Google patched Chrome for Windows, Mac and Linux Monday (Sept. 13) to fix two zero-day flaws being actively used by hackers in attacks. Nine other vulnerabilities were also fixed. You'll want to update your browser ASAP to make sure you're not a sitting duck.
To update Chrome in Windows or Mac, it's usually enough to just close the browser and relaunch it again. Users of some Linux distributions, however, may have to wait for their distro to package the Chrome fix along with other software updates.
- How to run a Safety Check in Google Chrome
- The best Windows 10 antivirus software
- Plus: I thought Amazon Fire TVs were trash — but the Omni changes that
If relaunching Chrome doesn't update it, then move your mouse cursor up to the three little vertical dots in the top right of the browser window. Click the dots, then move your cursor down to hover over "Help" in the drop-down menu.
A smaller window will pop out to the left. Click "About Google Chrome." Your browser will either tell you that it's up to date or will update itself and then prompt you to relaunch. The version of Chrome that you want to be on right now is 93.0.4577.82 (opens in new tab).
No time to prepare
The two patched zero-day flaws, catalogued as CVE-2021-30632 and CVE-2021-30633, were both reported to Google by anonymous sources (possibly the same source) on Sept. 8.
They're called "zero days" because hackers were already using them in attacks before Chrome found out, giving the developers no time to prepare fixes before exploitation began. These are the first zero-days patched in Chrome since mid-July.
Possible international espionage
There's no information yet on who was using these two zero-days flaws, or who was being targeted. But most of the Chrome zero-days fixed in 2021 have involved highly resourced nation-state attackers — i.e., government spies — going after high-value targets, which can include political dissidents, foreign diplomats or others whose computers and smartphones might contain lots of valuable information.
The other flaws fixed included three in the Blink rendering engines that builds web pages in Chrome, and two in the ANGLE graphics engine. Most of their discoverers were named, but we liked the one identified only as "@SorryMybad."
Chrome shares its open-source Chromium codebase with several other browsers, and not all had been updated yet at the time of this writing. Despite yesterday's (Sept. 14) Patch Tuesday round of Microsoft updates, the Microsoft Edge browser was still based on Chromium 93.0.4577.63, while Opera was even further back with Chromium 92.0.4515.159.
However, both Brave and Vivaldi have updated themselves to the current version of Chromium.
Recent Chrome updates
Here's a list of the Chrome desktop updates in the past six months of 2021.
- Sept. 13: 93.0.4577.82 (opens in new tab)
- Aug. 31: 93.0.4577.63 (opens in new tab)
- Aug. 16: 92.0.4515.159 (opens in new tab)
- Aug. 2: 92.0.4515.131 (opens in new tab)
- July 20: 92.0.4515.107 (opens in new tab)
- July 15: 91.0.4472.164 (opens in new tab)
- June 24: 91.0.4472.123/.124 (opens in new tab)
- June 17: 91.0.4472.114 (opens in new tab)
- June 14: 91.0.4472.106 (opens in new tab)
- June 9: 91.0.4472.101 (opens in new tab)
- May 25: 91.0.4472.77 (opens in new tab)
- May 10: 90.0.4430.212 (opens in new tab)
- April 26: 90.0.4430.93 (opens in new tab)
- April 20: 90.0.4430.85 (opens in new tab)
- April 14: 90.0.4430.72 (opens in new tab)
- April 13: 89.0.4389.128 (opens in new tab)
- March 30: 89.0.4389.114 (opens in new tab)
- March 12: 89.0.4389.90 (opens in new tab)
- March 5: 89.0.4389.82 (opens in new tab)
- March 2: 89.0.4389.72 (opens in new tab)