Google Chrome under attack via zero-day flaw — what to do now
It's not yet clear who's attacking, but we know how
Update your desktop Chrome browser, because doing so patches a zero-day flaw that's being actively exploited in the wild by undisclosed hackers.
Google's official Chrome blog says only that the vulnerability, given the catalog number CVE-2021-21166, is an "object lifecycle issue in audio" with "high" severity and that Google "is aware of reports" that the flaw is being exploited.
- Google Chrome 89 is here — these are the best new features
- Here's our list of the best Android browsers
- Plus: Brave is taking on Google with its own 'private' search engine
Google's general policy is to not release too many details about vulnerabilities before patches can be widely deployed. This one is considered a zero-day flaw because it was exploited before Chrome was aware the flaw existed.
To update Chrome on Windows and Mac, you often need to just close and then relaunch the browser. But to be sure, click the Settings icon (it looks like three vertical dots) in the top right of the browser window.
In the resulting pop-out menu, slide your cursor down to Help, then slide over and click "About Google Chrome" in the fly-out menu that appears.
Chrome will open a new tab notifying you whether your browser build is up to date. If it isn't, Chrome will download the update automatically, then prompt you to relaunch the browser. You want to end up on version 89.0.4389.72.
Linux distributions generally update the Chrome browser through routine updates covering all installed software.
The discovery of this vulnerability is credited to Alison Huffman of the Microsoft browser vulnerability research team. Huffman is credited with finding two other flaws patched in this week's Chrome update, which patches a total of 47 flaws.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
Most Popular
By Tom Wiggins