Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability

by

Google Chrome Material Icon 450x450Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild.

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."

However, ZDNet notes that the date on which Google says the bug was reported, January 24, is just two days after Google's Threat Analysis Group reported a hacking campaign carried out by North Korean hackers against the cyber-security community.

Some of the attacks involved luring security researchers to a blog where the attackers exploited browser zero-days to run malware on the researchers' systems. On January 28, Microsoft also reported that attackers most likely used a Chrome zero-day for their attacks.

The proximity of the two events has led security researchers to suspect that it was indeed the CVE-2021-21148 zero-day that was used in the attacks. As a result, all users are being advised to use the Chrome menu bar's About Google Chrome option to upgrade their browser to the latest version as soon as possible.

Google Chrome for Mac is a free download available directly from Google's servers. Google Chrome for iOS is a free download for iPhone and iPad available on the App Store. [Direct Link]

Tags: Chrome, Exploit, Google, Security

Popular Stories

Gemini Siri Feature

Google Confirms Gemini-Powered Siri Coming Later This Year

Wednesday April 22, 2026 11:08 am PDT by
Google today commented on its partnership with Apple, confirming that Gemini will power a new, more personalized version of Siri that's set to be released later in 2026. Google Cloud chief Thomas Kurian mentioned the Apple partnership during Google Cloud Next 2026, a conference that's taking place in Las Vegas, Nevada today. Earlier this year, we announced a monumental partnership with one...
Read Full Article122 comments
google photos wardrobe

Google Photos to Get AI 'Wardrobe' Feature

Wednesday April 29, 2026 3:50 pm PDT by
Google Photos is getting a new wardrobe planning feature that will help you decide what to wear. AI will pull in images of clothing from the Google Photos library, organizing clothing items into a digital closet. You will be able to put items together to create outfits, and even virtually try them with a digital avatar on to see how they'll look. The Google Photos app will show all items of...
Read Full Article35 comments
Photos App Icon Liquid Glass

Google Says Pixel Phones Won't Get Apple's Liquid Glass Design

Wednesday May 6, 2026 1:57 pm PDT by
The Android operating system for Pixel smartphones is not going to take design cues from Apple and adopt a Liquid Glass aesthetic, Google Android president Sameer Samat said recently (via 9to5Google). In response to a social media mockup of an Android device with a Liquid Glass design, Samat said, "Not happening! Y'all are wild." The mockup was in response to a teaser video for The Android...
Read Full Article98 comments

Top Rated Comments

techpr Avatar
techpr
69 months ago
I stopped using and uninstalled Chrome in 2020. Safari and Firefox for me.
Score: 3 Votes (Like | Disagree)
macdos Avatar
macdos
69 months ago
Always these "overflows", there's no end to it, it is just like Flash.

Code in apps and OSs should be rewritten from scratch with something else than C and derivatives, something that doesn't use "pointers", something that is tight from start.
Score: 2 Votes (Like | Disagree)
I
ian87w
69 months ago
Does this zero-day vulnerability only affect Chrome, or does it affect all Chromium based browsers?
Score: 2 Votes (Like | Disagree)
M
MysticCow
69 months ago

Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix."
"We have discovered a bug where Apple's tracking option will cause Chrome to crash, so we are trying to disable it!"

Internet irony might be lost on this one.

Curious as to what others uses as a backup browsers to Safari? I'm looking to de-google thus Chrome is out, but need a Chromium browser for the occasional website where Safari doesn't place nice.
Firefox with uMatrix and Facebook Container. It works wonders to clear the tracking gunk.
Score: 1 Votes (Like | Disagree)
chucker23n1 Avatar
chucker23n1
69 months ago

What about WebKit based browsers like Safari? Is the exploit something Google added since forking for Chromium, or is it something that was separately fixed already for WebKit?
If the bug is in V8, WebKit won't be affected because WebKit's JS engine was never V8. (Chrome choosing its own JS engine happened long before it forked WebKit to Blink.)

If the bug is outside V8, it is indeed possible that WebKit is affected.
Score: 1 Votes (Like | Disagree)
luvbug Avatar
luvbug
69 months ago
The Brave browser has already updated the stable release to this latest Chrome build. Just FYI. Edit: "latest Chromium build", which tracks the Chrome build exactly, but excludes the closed-source bits.
Score: 1 Votes (Like | Disagree)
Read All Comments