{"id":17993,"date":"2021-02-05T13:00:02","date_gmt":"2021-02-05T18:00:02","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/17993\/"},"modified":"2022-05-05T11:04:02","modified_gmt":"2022-05-05T07:04:02","slug":"update-google-chrome-to-8804324150","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/17993\/","title":{"rendered":"All users: Update Google Chrome immediately"},"content":{"rendered":"<p>Researchers have found a critical vulnerability, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2021-21148\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CVE-2021-21148<\/a>, in Google Chrome. We recommend addressing it as soon as possible because cybercriminals are already exploiting it. Browser versions for major desktop operating systems (Windows, MacOS, and Linux) are all vulnerable. Here\u2019s what\u2019s going on, and how to update your browser.<\/p>\n<h2>Why CVE-2021-21148 is dangerous<\/h2>\n<p><a href=\"https:\/\/www.cybersecurity-help.cz\/vdb\/SB2021020420\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The vulnerability<\/a> lets cybercriminals perform a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/heap-overflow-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">heap overflow attack<\/a> \u2014 a manipulation that can lead to remote code execution on a victim\u2019s device. Exploiting the vulnerability can be as simple as crafting a malicious Web page and luring victims to it, but as a potentially devastating result, they can gain total control over the affected system.<\/p>\n<p>The vulnerable component in this case is the JavaScript V8 engine embedded in the browser. Google received information about the vulnerability on January 24 from security researcher Mattias Buelens, and the company published a patch with the fix on February 4. Google has acknowledged reports of unnamed hackers actively exploiting CVE-2021-21148 in the wild.<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/google-patches-an-actively-exploited-chrome-zero-day\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">According to a ZDnet article<\/a>, the vulnerability may be connected to recent hacker attacks out of North Korea on the cybersecurity expert community. At least, the attack pattern bears striking similarities to the exploitation of CVE-2021-21148. Also, the date of the vulnerability\u2019s discovery is very close to the date on which the attacks on experts were disclosed. However, we do not yet have direct confirmation of this theory.<\/p>\n<p>As usual, Google is waiting until most active Chrome users have updated their browsers to disclose more technical details. That is understandable; irresponsible vulnerability disclosure can lead to a rapid increase in attacks.<\/p>\n<h2>How to stay safe<\/h2>\n<ul>\n<li>Immediately update Google Chrome on your PC. To do so, click the button with three dots in the upper right corner of the browser window and choose <em>Settings \u2192 About Chrome<\/em>. Once you open this page your browser will start updating automatically.<\/li>\n<li>Restart the browser if prompted for the changes to take effect. Do it right away, and don\u2019t worry about losing open tabs; modern versions of Chrome either automatically restore the tabs on relaunch or, in the event of an unexpected shutdown, offer to restore them.<\/li>\n<li>If Chrome\u2019s About page indicates you\u2019re already using version 88.0.4324.150, then your browser is up to date and you no longer have to worry about CVE-2021-21148.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos-generic\">\n","protected":false},"excerpt":{"rendered":"<p>Hackers are actively exploiting a dangerous vulnerability in Google Chrome. With Chrome 88.0.4324.150, Google has patched the vulnerability.<\/p>\n","protected":false},"author":2706,"featured_media":17994,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917,1486],"tags":[1636,16,22,268],"class_list":{"0":"post-17993","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"category-threats","10":"tag-browsers","11":"tag-chrome","12":"tag-google","13":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/17993\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/update-google-chrome-to-8804324150\/22503\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/8916\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/24207\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/update-google-chrome-to-8804324150\/22285\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/21013\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/update-google-chrome-to-8804324150\/24672\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/update-google-chrome-to-8804324150\/23901\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/update-google-chrome-to-8804324150\/30081\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/update-google-chrome-to-8804324150\/9294\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/update-google-chrome-to-8804324150\/38678\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/update-google-chrome-to-8804324150\/16382\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/update-google-chrome-to-8804324150\/16931\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/update-google-chrome-to-8804324150\/14468\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/update-google-chrome-to-8804324150\/26181\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/update-google-chrome-to-8804324150\/30006\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/update-google-chrome-to-8804324150\/26685\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/update-google-chrome-to-8804324150\/23542\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/update-google-chrome-to-8804324150\/28882\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/update-google-chrome-to-8804324150\/28689\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/chrome\/","name":"Chrome"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=17993"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17993\/revisions"}],"predecessor-version":[{"id":17995,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17993\/revisions\/17995"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/17994"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=17993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=17993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=17993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}