Researchers found a critical vulnerability in Chrome called CVE-2021-21148. Browser versions for major desktop operating systems (Windows, macOS, and Linux) are all vulnerable.
The company has released version 88.0.4324.150 for Windows, Mac and Linux and is available to all users.
The vulnerability allows cybercriminals to perform a stack overflow attack, a manipulation that could lead to remote code execution on the victim’s device. Exploiting the vulnerability can be as simple as setting up a malicious Web page and luring victims, but with a potentially devastating outcome, they can gain complete control over the affected system.
The vulnerable component is the JavaScript V8 engine embedded in the browser. Google received information about the vulnerability from security researcher Mattias Buelens on January 24, and the company released a patch called 88.0.4324.150 on February 4 that contains the fix.
Google Chrome Update
We recommend that users update their devices to the latest version of Chrome to reduce the risk associated with the vulnerability.
To update Google Chrome, click on the three dots in the upper right corner of the page. After clicking, press the “Help” tab. Then we do the update by clicking the “About Google Chrome” tab.
Note: If Chrome’s About page already indicates that you are using version 88.0.4324.150, your browser is up to date and you no longer need to worry about CVE-2021-21148.
Reference:
- https://usa.kaspersky.com
- https://thehackernews.com