If you see a notification to update your Chrome this week, don't ignore it. On Thursday, Google said it's now rolling out security updates for the browser to patch a vulnerability that's still being exploited in the wild. As first reported by CNET sister publication ZDNet, the zero-day vulnerability and patch are for Chrome version 88.0.4324.150 for Mac, Windows and Linux system users.
The details about the vulnerability, called CVE-2021-21148, are currently being kept under wraps "until a majority of users are updated with a fix," according to a post on Google's security update blog on Thursday. The discretion is typical of companies facing security risks that are still widely active, but Google did note that the bug was being used in attacks before it was reported to engineers by user Mattias Buelens on Jan. 24.
"Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in a blog post. "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."
Just two days after Buelens brought the bug to Google's attention, Google's Threat Analysis Group issued a warning to cybersecurity researchers that North Korean hackers were targeting researchers working on sensitive topics, in part by luring the researchers onto blog sites that exploited a browser vulnerability.
Google said browser updates will continue rolling out over the coming days and weeks.
How to update Chrome
If you're using Chrome, it's a good idea to check which version you're using and see whether you're fully updated. If you're using theor another browser built on Google's , you should consider updating those as well.
Updating Chrome is a supersimple process. Here's how you do it.
Open Chrome, and check the top-right corner of the browser window for a green Update button, beside your three-dot More menu.
Once you click Update, you'll be greeted by a prompt to confirm your choice. Click Relaunch and Google does the rest. Remember that this will close and restart your browser, so make sure you've saved anything you're working on before proceeding.
Many Chrome users already have their browsers set to update by default, so you may not need to take any action. To check whether your browser has already updated itself, simply open Chrome, go to the top-right corner and click the three-dot More menu.
If you see an option that says Update Google Chrome, then you're not running the latest version. If you are running the latest version, that option won't be in the list. You can also manually check for updates by opening Chrome, then going to the top-left of your browser, clicking File, then clicking Preferences.
From there, select Safety Check from the list of options on the left side of the browser.
You'll be taken to a screen that will offer to run a check for any updates or risks in your current version of Chrome. Click the Check Now button and the automated process will take over. You'll still need to restart Chrome afterward, though, so be sure to save any open work.
What version of Chrome am I using?
Wondering whether this affects your browser? It takes only two clicks to find out whether you're running Chrome's 88.0.4324.150, the latest version and the one impacted by the vulnerability and update. Here's how.
Open Chrome and go to the top-left corner of your window.
Once you've clicked preferences, you'll be presented with not only your current Chrome version information, but other system and security options to explore.