Chrome under hacker attack — how to update ASAP
Hackers using flaws to crack open Chrome
patched Chrome for Windows, Mac and Linux Monday (Sept. 13) to fix two zero-day flaws being actively used by hackers in attacks. Nine other vulnerabilities were also fixed. You'll want to update your browser ASAP to make sure you're not a sitting duck.
To update Chrome in Windows or Mac, it's usually enough to just close the browser and relaunch it again. Users of some Linux distributions, however, may have to wait for their distro to package the Chrome fix along with other software updates.
If relaunching Chrome doesn't update it, then move your mouse cursor up to the three little vertical dots in the top right of the browser window. Click the dots, then move your cursor down to hover over "Help" in the drop-down menu.
A smaller window will pop out to the left. Click "About Google Chrome." Your browser will either tell you that it's up to date or will update itself and then prompt you to relaunch. The version of Chrome that you want to be on right now is 93.0.4577.82.
No time to prepare
The two patched zero-day flaws, catalogued as CVE-2021-30632 and CVE-2021-30633, were both reported to Google by anonymous sources (possibly the same source) on Sept. 8.
They're called "zero days" because hackers were already using them in attacks before Chrome found out, giving the developers no time to prepare fixes before exploitation began. These are the first zero-days patched in Chrome since mid-July.
Possible international espionage
There's no information yet on who was using these two zero-days flaws, or who was being targeted. But most of the Chrome zero-days fixed in 2021 have involved highly resourced nation-state attackers — i.e., government spies — going after high-value targets, which can include political dissidents, foreign diplomats or others whose computers and smartphones might contain lots of valuable information.
The other flaws fixed included three in the Blink rendering engines that builds web pages in Chrome, and two in the ANGLE graphics engine. Most of their discoverers were named, but we liked the one identified only as "@SorryMybad."
Chrome shares its open-source Chromium codebase with several other browsers, and not all had been updated yet at the time of this writing. Despite yesterday's (Sept. 14) Patch Tuesday round of Microsoft updates, the Microsoft Edge browser was still based on Chromium 93.0.4577.63, while Opera was even further back with Chromium 92.0.4515.159.
However, both Brave and Vivaldi have updated themselves to the current version of Chromium.