Google Chrome continues to dominate the web browser market with more than two billion users worldwide. The downside is that it is also dominating the attention of hackers, leading Google to issue its third urgent upgrade warning in a month.
In an official blog post, Google revealed that a new “zero-day” exploit (CVE-2021-30563) had been discovered in Chrome and, like the previous attack, followed an anonymous tip. Unlike most vulnerabilities, a zero-day classification means that the exploit was released before the company could patch it. On its blog, Google confirmed that it is “aware of reports that an exploit for CVE-2021-30563 exists in the wild.”
To combat this new threat, all Chrome users should Settings> Help> About Google Chrome. If your browser version is listed as 91.0.4472.164 or higher on Linux, macOS, and Windows, you’re already safe. If not, check for updates manually and restart your browser when the update is ready. Google has also confirmed that six other high-level threats are patched in this version of Chrome, as well as a single medium-level vulnerability.
CVE-2021-30563 is the eighth zero-day vulnerability found in Chrome this year and the third in a month. It’s thanks to Google that it usually releases fixes for zero-day attacks in a matter of days, but their effectiveness is ultimately determined by the speed at which Chrome users update their browsers.
Attacks on Chrome have been particularly widespread in the past few months, particularly from a group of hackers called PuzzleMaker. The group succeeded in chaining together Chrome zero-day bugs in order to install malware on Windows systems. Microsoft itself issued an urgent security warning for Windows users in June.
As it stands, Chrome users should watch out for updates and make sure that both your browser and operating system are up to date.
Follow Gordon on Facebook
More about Forbes
Google confirms the 7th Chrome zero-day vulnerability, upgrade now
Chrome’s “zero day” exploit revealed, Google pushes for urgent upgrade