Google has revealed that two weaknesses in Chrome are under active attack, and users have been urged to update their browser to avoid becoming victims.
They were reported to Google by an anonymous party and were given a severity rating of “high.” Little more information was provided on where or how the vulnerabilities—known as zero-days, as developers have “zero days” to fix the flaws before they are abused by malicious hackers—have been exploited.
The updated version will roll out for Windows, Mac and Linux users “over the coming days/weeks,” Google said in a blog post. When Forbes updated on Tuesday morning on an Apple Mac, it was to the latest, most secure version, 93.0.4577.82. Users can check what version they’re running by clicking the “About Google Chrome” button in the help section in the browser.
Monday was a big day for significant security updates. Google also revealed nine other vulnerabilities rated “high” severity that were patched in the latest Chrome release. Two of those were deemed serious enough to warrant a $7,500 payout to the security researchers who found them. Meanwhile, Apple put out an emergency iOS update to deal with a zero-day vulnerability that had allegedly been exploited by $1 billion-valued Israeli spyware provider NSO Group.
This year has seen a significant number of active campaigns exploiting zero-day weaknesses in major software, with Microsoft tools the top target. According to former Kaspersky cybersecurity expert and podcaster Ryan Naraine, there have been 66 zero-day attacks so far in 2021.
By Google’s own record, Naraine’s data is wrong. A spreadsheet tweeted by Google security researcher Maddie Stone revealed that there had been nine zero-day attacks in the wild reported in 2021.
Microsoft has had a particularly rough 2021, with attacks targeting Exchange ramping up in recent months. One former security staffer, Kevin Beaumont, openly criticized Microsoft for not doing more to warn users about the need to patch vulnerabilities that were used by hackers in ransomware attacks in recent weeks.