Chrome under hacker attack — how to update ASAP

(Image credit: monticello/Shutterstock)

Google patched Chrome for Windows, Mac and Linux Mon (Sept. xiii) to ready two nil-twenty-four hours flaws being actively used by hackers in attacks. Nine other vulnerabilities were likewise fixed. You'll want to update your browser ASAP to make certain you're non a sitting duck.

To update Chrome in Windows or Mac, it's usually enough to simply close the browser and relaunch it again. Users of some Linux distributions, however, may have to wait for their distro to bundle the Chrome fix along with other software updates.

How to run a Safety Bank check in Google Chrome
The all-time Windows 10 antivirus software
Plus: I thought Amazon Burn down TVs were trash — simply the Omni changes that

If relaunching Chrome doesn't update it, then move your mouse cursor up to the three little vertical dots in the tiptop right of the browser window. Click the dots, then move your cursor down to hover over "Help" in the drop-downwards menu.

A smaller window will pop out to the left. Click "About Google Chrome." Your browser will either tell you that it's upwards to date or will update itself and then prompt you to relaunch. The version of Chrome that you desire to exist on right now is 93.0.4577.82.

No time to gear up

The 2 patched zilch-24-hour interval flaws, catalogued every bit CVE-2021-30632 and CVE-2021-30633, were both reported to Google past bearding sources (possibly the same source) on Sept. 8.

They're called "zero days" because hackers were already using them in attacks before Chrome found out, giving the developers no time to set fixes earlier exploitation began. These are the start nada-days patched in Chrome since mid-July.

The starting time is described as an "out-of-bounds write in V8," which is Chrome's JavaScript engine and handles many of the moving parts on a web page. Google has patched half-a-dozen zilch-days this twelvemonth related to V8.

The 2d flaw is characterized as "use after gratuitous in Indexed DB API," meaning that hackers figured out a way to hijack running memory allocated to a programming interface that handles JavaScript interactions with a database.

JavaScript is ane of the main components that make interactive websites possible. Before JavaScript, websites were largely static. Without JavaScript and similar technologies, you wouldn't be able to open up a Gmail bulletin without reloading the entire page.

Possible international espionage

There'due south no information yet on who was using these two zippo-days flaws, or who was being targeted. Just most of the Chrome zero-days fixed in 2021 have involved highly resourced nation-state attackers — i.due east., authorities spies — going after high-value targets, which can include political dissidents, strange diplomats or others whose computers and smartphones might contain lots of valuable information.

The other flaws fixed included three in the Glimmer rendering engines that builds web pages in Chrome, and two in the Bending graphics engine. Most of their discoverers were named, but we liked the one identified only as "@SorryMybad."

Chrome shares its open up-source Chromium codebase with several other browsers, and not all had been updated withal at the time of this writing. Despite yesterday's (Sept. 14) Patch Tuesday circular of Microsoft updates, the Microsoft Border browser was nonetheless based on Chromium 93.0.4577.63, while Opera was even further dorsum with Chromium 92.0.4515.159.

However, both Brave and Vivaldi take updated themselves to the current version of Chromium.

Contempo Chrome updates

Here's a list of the Chrome desktop updates in the past half dozen months of 2021.

Sept. 13: 93.0.4577.82
Aug. 31: 93.0.4577.63
Aug. 16: 92.0.4515.159
Aug. 2: 92.0.4515.131
July 20: 92.0.4515.107
July 15: 91.0.4472.164
June 24: 91.0.4472.123/.124
June 17: 91.0.4472.114
June 14: 91.0.4472.106
June 9: 91.0.4472.101
May 25: 91.0.4472.77
May 10: 90.0.4430.212
Apr 26: 90.0.4430.93
April xx: ninety.0.4430.85
April 14: 90.0.4430.72
April xiii: 89.0.4389.128
March 30: 89.0.4389.114
March 12: 89.0.4389.ninety
March five: 89.0.4389.82
March 2: 89.0.4389.72

Paul Wagenseil is a senior editor at Tom'south Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul commuter, code monkey and video editor. He'southward been rooting around in the data-security space for more than than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'southward Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and fifty-fifty moderated a panel discussion at the CEDIA dwelling-technology conference. Y'all can follow his rants on Twitter at @snd_wagenseil.