Your security online is paramount to a positive user experience, and the developers at Google are constantly working hard to keep you safe while browsing the web. But even as they endeavor to keep apps secure from the ground up, inevitably some security flaws fall through the cracks — including a recently discovered Chrome vulnerability that’s being actively exploited today. Thankfully, Google rolled out an update to Chrome that patches it along with other exploits, and you’d be wise to install it as soon as possible.
Google recently published Chrome 91.0.4472.101 for desktops and Android devices, which fixes a handful of security flaws. One of them is CVE-2021-30544, a zero-day exploit that’s actively used in the wild. The company isn’t disclosing how this exploit works “until a majority of users are updated with a fix,” but security researchers Rong Jian and Guang Gong report that the zero-day took advantage of a use-after-free flaw in the V8 Javascript engine — specifically BFCache, Chrome’s way of caching webpages when you navigate away. A remote attacker could compromise a system when a user visits a malicious website, then execute arbitrary code to create a use-after-free error.
How to update Chrome
Google reiterates that the zero-day exploit for Chrome is being actively used on the internet — and you should update right now to stay safe. Your device should automatically fetch Chrome 91.0.4472.101, but if it doesn’t, here’s how you can manually update:
Chrome for desktop platforms
- Click the three-dot menu on the right side of the browser.
- Hover your cursor over “Help.”
- Press “About Chrome.”
Chrome for Android
- Launch the Google Play store.
- Tap your profile picture on the search bar (with the old layout, tap the “hamburger” button.)
- Press Manage apps & devices.
- Tap “Update all.”
If Google Play doesn’t grab Chrome 91.0.4472.101 for your phone, we have the APK on APKMirror. Chromebooks are expected to get an updated build of Chrome OS 91 with these security patches soon.
Post a Comment