Google fixes actively exploited Chrome zero-day
The flaw may be related to a recent hacking campaign against the cyber security community


Google has released an updated version of its Chrome web browser following reports of a zero-day vulnerability being exploited in the wild.
Version 88.0.4324.150 for Windows, Mac and Linux contains only one patch, which addresses a memory corruption bug in Chrome’s V8 JavaScript engine tracked as CVE-2021-21148.
The vulnerability, marked as high risk, was reported on 24 January by security researcher Mattias Buelens, who is also a lead software architect on THEOplayer.
Google Chrome technical program manager Srinivas Sista said that the tech giant is “aware of reports that an exploit for CVE-2021-21148 exists in the wild”. He didn’t provide any additional details about the zero-day vulnerability due to risk of further exploitation, noting that the majority of users hadn’t yet been updated with a fix.
However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber security community. It's believed this campaign may have relied on zero-day exploits in Chrome and Internet Explorer.
Chrome version 88.0.4324.150 has begun to roll out to users across Windows, Mac and Linux systems. Users can check if their Chrome browser is up to date by following these steps:
- Open your Chrome browser and look at the three vertical dots in the top right corner
  - Green means the update is less than two days old
  - Orange means the update is about four days old
  - Red means the update is at least a week old
- If the dots are coloured, click them to open the menu
- Click “Update Google Chrome”
- Exit your Chrome browser and reopen it to complete the update.
Google was forced to deal with another Chrome zero-day vulnerability in October of last year, when its Project Zero security team discovered that hackers were exploiting the bug to attack Chrome users’ systems.
The vulnerability, a memory corruption bug in the FreeType font-rendering library, prompted the tech giant to release the Chrome OS 86.0.4240.112 update, which addressed the detected zero-day security flaw on Google Chromebooks.
Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.
Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.