Update your Chrome: Google releases important security fix
A Chrome security weakness is still being exploited in the wild. This is an update you don't want to skip.
Rae HodgeFormer senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
The details about the vulnerability, called CVE-2021-21148, are currently being kept under wraps "until a majority of users are updated with a fix," according to a post on Google's security update blog on Thursday. The discretion is typical of companies facing security risks that are still widely active, but Google did note that the bug was being used in attacks before it was reported to engineers by user Mattias Buelens on Jan. 24.
"Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in a blog post. "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."
Just two days after Buelens brought the bug to Google's attention, Google's Threat Analysis Group issued a warning to cybersecurity researchers that North Korean hackers were targeting researchers working on sensitive topics, in part by luring the researchers onto blog sites that exploited a browser vulnerability.
Google said browser updates will continue rolling out over the coming days and weeks.
How to update Chrome
If you're using Chrome, it's a good idea to check which version you're using and see whether you're fully updated. If you're using the Brave browser or another browser built on Google's Chromium engine, you should consider updating those as well.
Updating Chrome is a supersimple process. Here's how you do it.
Open Chrome, and check the top-right corner of the browser window for a green Update button, beside your three-dot More menu.
Once you click Update, you'll be greeted by a prompt to confirm your choice. Click Relaunch and Google does the rest. Remember that this will close and restart your browser, so make sure you've saved anything you're working on before proceeding.
Many Chrome users already have their browsers set to update by default, so you may not need to take any action. To check whether your browser has already updated itself, simply open Chrome, go to the top-right corner and click the three-dot More menu.
If you see an option that says Update Google Chrome, then you're not running the latest version. If you are running the latest version, that option won't be in the list. You can also manually check for updates by opening Chrome, then going to the top-left of your browser, clicking File, then clicking Preferences.
From there, select Safety Check from the list of options on the left side of the browser.
You'll be taken to a screen that will offer to run a check for any updates or risks in your current version of Chrome. Click the Check Now button and the automated process will take over. You'll still need to restart Chrome afterward, though, so be sure to save any open work.
Wondering whether this affects your browser? It takes only two clicks to find out whether you're running Chrome's 88.0.4324.150, the latest version and the one impacted by the vulnerability and update. Here's how.
Open Chrome and go to the top-left corner of your window.
Once you've clicked preferences, you'll be presented with not only your current Chrome version information, but other system and security options to explore.