Google Patches Chrome, Removes Suspect Extension

With the shift to web-based computing, it is perhaps not surprising that hackers are increasingly exploiting web browsers. And there is no browser more popular than Chrome, the latest version of which has already suffered from a zero-day attack.

“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” Google’s Srinivas Sista writes in a new post to the Chrome Releases blog. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

Well, this one did: The exploit specifically targets Chrome 88, the latest stable version of the browser, forcing Google to reissue it. Those who already upgraded to Chrome 88 will be prompted to install an update, version 88.0.4324.150 for Windows, Mac, and Linux.

Google won’t disclose details of the vulnerability until “a majority of users are updated with a fix,” a courtesy it doesn’t provide to other platform makers, like Microsoft. But the vulnerability is described as a heap buffer overflow in Chrome’s V8 JavaScript engine.

Separately, Google has removed the Chrome extension The Great Suspender from its Chrome Web Store and is remotely uninstalling it from users’ computers because it’s been found to contain malware. This extension worked like the new sleeping tabs feature in Edge 88; it suspended idle Chrome tabs so that the browser would suck up fewer resources. (The Great Suspender was also removed from the Edge Add-Ons site, though it is of course now superfluous.)

Obviously, Chrome users should upgrade as soon as possible to the latest version. But if you’re concerned at all about Chrome, and you should be, since it tracks all your activities and sells that information to advertisers, this is a great time to upgrade to Microsoft Edge. Just saying.
