Google Chrome continues to dominate the web browser market with more than two billion users worldwide. The flipside is it also dominates the attention of hackers causing Google to issue its third urgent upgrade warning in a month.
In an official blog post, Google revealed that a new ‘zero-day’ exploit (CVE-2021-30563) has been discovered in Chrome and — like the previous attack — it follows an anonymous tip-off. Unlike the majority of security flaws, a zero-day classification means the exploit has been made public before the company could patch it. Writing on its blog, Google confirmed it “is aware of reports that an exploit for CVE-2021-30563 exists in the wild.”
To combat this new threat, all Chrome users should navigate to Settings > Help > About Google Chrome. If your browser version on Linux, macOS and Windows is listed as 91.0.4472.164 or above you are already safe. If not, manually check for updates then restart the browser once the update is ready. Google has also confirmed that six other ‘High’ level threats are patched in this version of Chrome as well as a single ‘Medium’ level vulnerability.
CVE-2021-30563 is the eighth zero-day vulnerability found in Chrome this year and the third in a month. It is to Google’s credit that it typically releases fixes for zero-day attacks within a few days but their effectiveness is ultimately determined by the speed with which Chrome users update their browsers.
Attacks on Chrome have been particularly prevalent in recent months, most notably from a group of hackers calling themselves PuzzleMaker. The group has been successful in chaining together Chrome zero-day bugs to install malware on Windows systems. Microsoft itself issued an urgent security warning for Windows users about this in June.
As it stands, Chrome users would be wise to watch out for updates and ensure both your browser and operating system are kept up to date.
Follow Gordon on Facebook
More On Forbes
social experiment by Livio Acerbo #greengroundit #thisisnotapost #thisisart