Saturday, March 6

an update corrects a security flaw that has already been exploited

Google has announced an update to its Chrome browser. This makes it possible to correct a security flaw in the V8 engine spotted on January 24.

This Thursday, Google updated its Chrome browser, which is now version 88.0.4324.150 on Windows, Mac and Linux. As the version number indicates, this is a minor update touted as a security patch by Google.

However, when we look more into the details of the fixed flaw, as the Engadget site did, we realize that the update is important to say the least. It makes it possible to correct the CVE-2021-21148 flaw discovered by the Belgian engineer Mattias Buelens on January 24. This flaw is in fact found in the JavaScript engine V8 which allows a malicious person to run a program directly on the computer of a third party. As our colleagues from Numerama, the V8 is also used by other internet browsers like Edge or Opera. They could therefore also be affected by the flaw.

A flaw already used by malicious people

Above all, as Google indicates, the flaw spotted by the Belgian researcher is already actively used by hackers. “Google is aware that a use of CVE-2021-21148 exists in nature”, thus indicates the editor of Chrome. However, the firm does not further detail how the security breach works in order to prevent it from being massively exploited by malicious people.

The Google Chrome patch will be rolled out in the next few days or weeks, the publisher says. To find out its current version of Google Chrome, go to the browser menu, select « Aide » then “About Google Chrome”. It is also possible to directly enter “chrome: // settings / help” in the address bar.

Leave a Reply

Your email address will not be published. Required fields are marked *