What Happened?
With almost two billion users, Google Chrome is a significant player in the web browser market. Google has issued two different upgrade warnings in the past week to urge Chrome users to update their browsers.
What Was Affected?
It is not entirely clear how it happened, but Google confirmed that a “zero-day” exploit was found in Chrome. Most security issues are patched after discovery; a “zero-day” classification means the vulnerability has been discovered and that hackers are actively working to exploit it.
The vulnerability (CVE-2021-30554) is found in WebGL, a JavaScript API for rendering. Google’s blog details this exploit a little more.
Bleeping Computer confirms a group called “PuzzleMaker” has been successful in using Chrome zero-day bugs to install malware on Windows 10 systems.
How Can I Protect Myself and My Users?
Immediately go to the three dots at the top right of your browser:
Customize and Control Google Chrome > Help > About Google Chrome
If your browser version on Linux, macOS or Windows is listed as 91.0.4472.114 or above, you are safe.
Google has also confirmed three additional “high level” threats were patched in this version of Chrome.
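For administrators checking many machines, the version check above can be scripted. The following is an added example, not part of the original article: it assumes version strings are collected in the form shown on the About page or printed by `google-chrome --version`, and the host names and readings in the sample inventory are constructed. It compares the four version parts as numbers, because a plain string comparison would rank 91.0.4472.77 above 91.0.4472.114.

```python
import re

# Fixed build named in the article for Linux, macOS and Windows.
PATCHED = (91, 0, 4472, 114)

# Chrome versions have four dot-separated numeric parts.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints,
    or None if the text contains no such version."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory, minimum=PATCHED):
    """Map each host to 'patched', 'update required' or 'unknown'.

    inventory is an iterable of (host, raw_version_text) pairs.
    Tuples of ints compare part by part, so 114 > 77 as expected.
    """
    report = {}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            report[host] = "unknown"  # no reading: treat as needing follow-up
        elif version >= minimum:
            report[host] = "patched"
        else:
            report[host] = "update required"
    return report


# Constructed sample inventory (host names and readings are made up).
SAMPLE = [
    ("ws-01", "Google Chrome 91.0.4472.114"),
    ("ws-02", "91.0.4472.77"),  # sorts after .114 as a string, but is older
    ("ws-03", "Google Chrome 92.0.4515.40 beta"),
    ("ws-04", "90.0.4430.212"),
    ("ws-05", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parseable version and should be checked by hand rather than assumed safe.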