Security News > 2021 > February > Chrome zero-day bug that is actively being abused by bad folks affects Edge, Vivaldi, and other Chromium-tinged browsers
If you use Google Chrome or a Chromium-based browser such as Microsoft Edge, update it immediately and/or check it for updates over the coming days: there is a zero-day bug being "Actively exploited" in the older version of Chrome that will also affect other vendors' browsers.
Details are intentionally scant until enough of the wider world has installed the update, but the flaw exists in how Chrome handles heap overflows in V8, Chromium's Javascript engine.
Chrome users should update now to version 88.0.4324.150.
The V8 vuln affects Chromium-based browsers in general and not just Google Chrome itself.
Tarquin Wilton-Jones, developer at Vivaldi, told The Register: "This is a generic Chromium issue, and affects Chromium-based browsers. We released an update for our desktop stable channel yesterday, which includes the Chromium update for this issue. We are currently testing our Android build with the update, and hope to have it released soon."
The Chromium log for the latest version, naturally, contains no specific details of the bug yet.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/05/chrome_zero_day_update/
Related news
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)
- Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs (source)
- New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions (source)
- Chrome, Edge users beset by malicious extensions that can’t be easily removed (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Qilin ransomware now steals credentials from Chrome browsers (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)