Chrome Zero-Day Bug: Update Now

John Lister's picture

If you use Chrome, you need to make sure it's up to date. The browser has been hit by a dreaded zero-day flaw.

In this case, hackers are aware of the bug and are actively exploiting it before Google has a chance to issue a security patch. The name comes from the fact that Google has "zero days" head start in getting the patches out.

Google confirmed that it "is aware of reports that an exploit for CVE-2021-21166 [the bug in question] exists in the wild." (Source: googleblog.com)

High Severity Flaw

The security flaw is rated as "high severity" on Google's rankings of how much damage it could do. That's the second highest level, below only "critical".

Examples of damage at this level include attackers running code on a computer or reading data without permission. In this case, a computer connected to the Internet running the Chrome browser is all that is needed to be infected with malware.

It can also cover cases where an attacker can read or alter key system data (such as the file system or registry) but where a mitigating factor limits the potential damage.

As often happens, Google has kept exactly what the vulnerability entails under wraps, a policy it believes will reduce the risk of tipping off even more hackers about what the bug is or how to exploit it. It's simply described it as "Object lifecycle issue in audio" and following a link for more details brings up an error message. (Source: tomsguide.com)

Close Chrome To Update

The good news is that Chrome will normally automatically apply the security fix whenever it is closed and closed and reopened. Users may need to close all Chrome tabs and windows to trigger this.

Given the severity and zero-day nature of this bug, it may be worth double-checking the browser is up to date. To do this, users can click on the settings menu icon, which is the three vertical dots in the top right corner of Chrome, just below the X button for closing the browser.

From here, users should click "Settings" and then "About Chrome" on the following screen. The screen then either show a blue tick and a note that "Google Chrome is up to date" or show an option to update the browser.

What's Your Opinion?

Do you use Chrome? Do you pay any attention to updates or leave it to take care of itself? What's the longest you usually leave browser windows open for?

Rate this article: 
Average: 4.9 (8 votes)

Comments

ehowland's picture

It would be nice if article said (is edityed to say) as long as you have "xyz.xyz.xyz or higher your device is patched and not vulnerable to this vulnerability..."

matt_2058's picture

Agree 100% that the update version would be helpful.

FYI, as of 0053 hrs EST USA, 0553 GMT, 20210305:

Google Chrome is up to date
Version 89.0.4389.72 (64-bit)

ehowland's picture

Yes, I too have that version (1:32AM EST)

Google Chrome is up to date
Version 89.0.4389.72 (Official Build) (64-bit)

We have Ninite on our devices and the new Ninite pro WebView feature is superb, so it's super easy now to see current version and update if needed. Big thumbs up for NinitePro...